ETSI TS 103 096-2 V1.1.1 (2013-07)

Intelligent Transport Systems (ITS);
Testing;
Conformance test specification for TS 102 867 and TS 102 941;
Part 2: Test Suite Structure and Test Purposes (TSS&TP)



Reference 



DTS/ITS-0050019 
Keywords 



ITS, testing, TSS&TP 



ETSI 

650 Route des Lucioles 
F-06921 Sophia Antipolis Cedex - FRANCE 

Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the
Sous-Préfecture de Grasse (06) N° 7803/88



Important notice 



Individual copies of the present document can be downloaded from:
http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification 

No part may be reproduced except as authorized by written permission. 
The copyright and the foregoing restriction extend to reproduction in all media. 

© European Telecommunications Standards Institute 2013. 
All rights reserved. 

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
3GPP™ and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association. 






Contents 



Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Prerequisites and Test Configurations
4.1 Test Configurations
4.2 PKI Hierarchy
4.3 Feature Restriction and Pre-Enrolment
4.3.1 Feature Restriction
4.3.2 Pre-Enrolment
4.4 States in Initial Conditions
4.4.1 ITS-S send side states
4.4.2 ITS-S receive side states
4.4.3 EA states
4.4.4 AA states
4.5 Validity of Signed Communication
4.6 Introduction of Snippets of Data Structures
4.7 Variants, Variables and Snippet Naming Convention
5 Test Suite Structure (TSS)
5.1 Structure for Security tests
5.2 Test groups
5.2.1 Root
5.2.2 Groups
5.2.3 Sub groups
5.2.4 Categories
6 Test Purposes (TP)
6.1 Introduction
6.1.1 TP definition conventions
6.1.2 TP Identifier naming conventions
6.1.3 Rules for the behaviour description
6.1.4 Sources of TP definitions
6.1.5 Mnemonics for PICS reference
6.1.6 Message encapsulation
6.1.7 Used constants
6.1.8 Snippets definitions
6.1.8.1 Regions
6.1.8.2 Certificates
6.1.8.2.1 Authorities certificates
6.1.8.2.2 End-Entities certificates
6.1.8.3 Messages
6.1.8.3.1 ITS station testing
6.1.8.3.2 Enrolment Authority testing
6.1.8.3.3 Authorization Authority testing
6.2 Test purposes for SECURITY
6.2.1 ITS Station
6.2.1.1 Enrolment
6.2.1.1.1 Normal Behaviour
6.2.1.1.2 Exceptional Behavior
6.2.1.2 Authorization
6.2.1.2.1 Normal Behavior
6.2.1.2.2 Exceptional Behavior
6.2.1.3 Sending Data
6.2.1.4 Receiving Data
6.2.1.4.1 Normal Behavior
6.2.1.4.2 Exceptional behavior
6.2.2 Certificate Authority
6.2.2.1 Normal Behavior
6.2.2.1.1 Generic message verification
6.2.2.1.2 Key Compression
6.2.2.1.3 Permissions
6.2.2.1.4 Expiration
6.2.2.1.5 Regions
6.2.2.2 Exceptional Behavior
6.2.2.2.1 Invalid Message Fields
6.2.2.2.2 Invalid Certificate or Certificate Chain
6.2.2.2.3 Invalid Certificate Fields
6.2.2.2.4 Invalid Permissions
6.2.2.2.5 Invalid Regions
6.2.2.2.6 Expiration
6.2.3 Enrolment Authority
6.2.3.1 Normal Behavior
6.2.3.2 Exceptional Behavior
6.2.4 Authorization Authority
6.2.4.1 Normal Behavior
6.2.4.1.1 Scopes (Scope Kind and Scope Name)
6.2.4.1.2 Expiration
6.2.4.2 Exceptional Behavior
6.2.4.2.1 Invalid Certificates or Certificate Chain Fields
6.2.4.2.2 Invalid Scopes (Subject Type and Scope Name)
History



Intellectual Property Rights 



IPRs essential or potentially essential to the present document may have been declared to ETSI. The information 
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found 
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in 
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web 
server ( http://ipr.etsi.org ). 

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee 
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web 
server) which are, or may be, or may become, essential to the present document. 



Foreword 



This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport Systems 
(ITS). 

The present document is part 2 of a multi-part deliverable covering Conformance test specification for ITS Security as 
identified below: 

TS 103 096-1: "Protocol Implementation Conformance Statement (PICS)"; 

TS 103 096-2: "Test Suite Structure and Test Purposes (TSS&TP)"; 

TS 103 096-3: "Abstract Test Suite (ATS) and Protocol Implementation eXtra Information for Testing (PIXIT)";

TR 103 096-4: "Validation report".

1 Scope



The present document provides the Test Suite Structure and Test Purposes (TSS&TP) for Security as defined in
IEEE P1609.2 [1], TS 102 941 [2] and TS 102 867 [3] in compliance with the relevant requirements and in accordance
with the relevant guidance given in ISO/IEC 9646-7 [9].

The ISO standard for the methodology of conformance testing (ISO/IEC 9646-1 [6] and ISO/IEC 9646-2 [7]) as well as 
the ETSI rules for conformance testing (ETS 300 406 [10]) are used as a basis for the test methodology. 



2 References 

References are either specific (identified by date of publication and/or edition number or version number) or 
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the 
reference document (including any amendments) applies. 

Referenced documents which are not found to be publicly available in the expected location might be found at 
http://docbox.etsi.org/Reference . 

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee 
their long term validity. 

2.1 Normative references 

The following referenced documents are necessary for the application of the present document. 

[1] IEEE P1609.2/D12 (January 2012): "IEEE Draft Standard for Wireless Access in Vehicular Environments - Security
Services for Applications and Management Messages".

[2] ETSI TS 102 941: "Intelligent Transport Systems (ITS); Security; Trust and Privacy Management".

[3] ETSI TS 102 867: "Intelligent Transport Systems (ITS); Security; Stage 3 mapping for IEEE 1609.2".

[4] ETSI TS 103 096-1 (V1.1.1): "Intelligent Transport Systems (ITS); Testing; Conformance test specification for
TS 102 867 and TS 102 941; Part 1: Protocol Implementation Conformance Statement (PICS)".

[5] ETSI TS 103 096-3 (V1.1.1): "Intelligent Transport Systems (ITS); Testing; Conformance test specification for
TS 102 867 and TS 102 941; Part 3: Abstract Test Suite (ATS) and Protocol Implementation eXtra Information for
Testing (PIXIT)".

[6] ISO/IEC 9646-1 (1994): "Information technology - Open Systems Interconnection - Conformance testing
methodology and framework - Part 1: General concepts".

[7] ISO/IEC 9646-2 (1994): "Information technology - Open Systems Interconnection - Conformance testing
methodology and framework - Part 2: Abstract Test Suite specification".

[8] ISO/IEC 9646-6 (1994): "Information technology - Open Systems Interconnection - Conformance testing
methodology and framework - Part 6: Protocol profile test specification".

[9] ISO/IEC 9646-7 (1995): "Information technology - Open Systems Interconnection - Conformance testing
methodology and framework - Part 7: Implementation Conformance Statements".

[10] ETSI ETS 300 406 (1995): "Methods for testing and Specification (MTS); Protocol and profile conformance
testing specifications; Standardization methodology".

2.2 Informative references

The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.

[i.1] ETSI EG 202 798: "Intelligent Transport Systems (ITS); Testing; Framework for conformance and
interoperability testing".

3 Definitions and abbreviations

3.1 Definitions



For the purposes of the present document, the following terms and definitions apply: 

• terms given in IEEE 1609.2 [1], TS 102 941 [2] and in TS 102 867 [3]; 

• terms given in ISO/IEC 9646-6 [8] and in ISO/IEC 9646-7 [9]. 

3.2 Abbreviations 

For the purposes of the present document, the following abbreviations apply: 

AA        Authorization Authority
BV        Normal behaviour
CA        Certification Authority
CAM       Cooperative Awareness Message
CRL       Certificate Revocation List
CSR       Certificate Signing Request
DENM      Decentralized Environmental Notification Message
EA        Enrolment Authority
EB        Exceptional Behavior
ITS       Intelligent Transport System
ITS-AID   ITS Application ID
ITS-S     ITS Station
IUT       Implementation Under Test
MSEC      Multicast Security
PKI       Public Key Infrastructure
PSID      Provider Service Identifier
SA        Security Association
SSP       Service Specific Permissions
TLS       Transport Layer Security
TP        Test Purposes
TSS       Test Suite Structure



4 Prerequisites and Test Configurations 

4.1 Test Configurations 

The test configuration 1 as shown in figure 1 is applied for the test group of CA and EA tests.

[Figure labels: ITS-S, AA, IUT (=EA), CF01]

Figure 1: Test Configuration 1

The test configuration 2 as shown in figure 2 is applied for the test group of CA and AA tests.

[Figure labels: ITS-S, EA, IUT (=AA), CF02]

Figure 2: Test Configuration 2

The test configuration 3 as shown in figure 3 is applied for the test group of ITS-S Enrolment and Authorization tests.

[Figure labels: EA, AA, IUT (=ITS-S), CF03]

Figure 3: Test Configuration 3

The test configuration 4 as shown in figure 4 is applied for the test group of ITS-S Send and Receive Data tests.

[Figure labels: EA, AA, ITS-S, IUT (=ITS-S), CF04]

Figure 4: Test Configuration 4

4.2 PKI Hierarchy 

The PKI Hierarchy is depicted below. Four different types of certificates are defined. They are listed hereafter. 

CERT_ROOT 

CERT_EA_x 

CERT_AA_x 

CERT_ENR_x 

CERT_AUTH_x 
These names are used in the TP definitions, where _x is a placeholder for numbering different certificates.

[Figure labels: Root CA Certificate (CERT_ROOT), marked as trust anchor; EA Certificate (CERT_EA_x); AA Certificate
(CERT_AA_x); Enrolment Certificate (CERT_ENR_x); Authorization Certificate (CERT_AUTH_x); End-Entity; Signed Data.
Fields shown in the boxes: signer_id, public key, issuer's signature. Arrows labelled "verifies" and "identifies".]

Figure 5: PKI Hierarchy

4.3 Feature Restriction and Pre-Enrolment



4.3.1 Feature Restriction 

In this clause all feature restrictions are listed: 

• Certificate chains where subordinate certificates make use of inherited permissions are not supported

• Only circular regions

• Only explicit certificates

• Revocation is not tested, i.e. certificate responses contain only empty revocation list

• Update Enrolment Credentials is not tested

• Remove Enrolment Credentials is not tested

• Update Authorization Tickets is not tested

• The name which identifies the CA shall be no longer than 32 bytes

4.3.2 Pre-Enrolment 

Enrolment is the process by which an ITS-S obtains an enrolment certificate, which can later be used to authenticate 
requests for authorization certificates. An ITS-S undergoes initial enrolment by executing the Enrolment Request 
information flow from TS 102 941 [2]. 

When devices enrol with an Enrolment Authority, they should be authenticated as devices that are entitled to receive
enrolment credentials of the type requested. There are three different authentication approaches:

• Public key: Enrolment requests are authenticated by using a private key of the ITS-S. The corresponding
public key is previously registered with a unique ITS-S module ID at the EA in a secure process. Every ITS-S
has to be registered separately.

• Certificate: Enrolment requests are authenticated by a certificate or certificate chain.

• Self-signed: Enrolment requests are signed with the private key corresponding to the public key contained in
the enrolment request. In this case the signature provides proof of possession of the corresponding private key,
but does not authenticate that the private key holder is in fact authorized to receive an enrolment credential of
the type requested. This authorization is provided by other mechanisms.

None of the three authentication approaches start at the device lifecycle: in all cases, there is the question of how the
device is originally shown to be authenticated. The test system supports both the certificate and the self-signed forms of
enrolment request.

For enrolment request:

• The test system enrolment authority shall accept the following forms of authorization: certificate and
self-signed.

• The test system enrolment authority shall check that the signature on the enrolment request is
cryptographically valid.

• In the case of an enrolment request signed by a certificate:

    - The test system enrolment authority shall check that the request is consistent with the permissions in the
      certificate.

    - The test system enrolment authority shall not carry out any other validation on the signing certificate. For
      example, it shall not check the signature on the signing certificate, check that the certificate chains back
      to a known CA, or check whether the signing certificate is revoked.

The test system enrolment authority shall issue the enrolment certificate if these validity tests pass.
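
The enrolment-request checks listed above, as an added Python example that is not part of the TS or of any ETSI test system. The toy P-256 ECDSA routines, the request encoding, the reading of "consistent with the permissions" as a PSID subset test, and all keys and sample requests are assumptions constructed for illustration.

```python
"""Added illustration of the clause 4.3.2 test-system EA checks; not ETSI code."""
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# NIST P-256 domain parameters (the curve of ecdsa_nistp256_with_sha256).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def point_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(priv: int, msg: bytes) -> Tuple[int, int]:
    """Toy ECDSA signing for the constructed samples (simplified nonce derivation)."""
    k = digest(priv.to_bytes(32, "big") + msg) % (N - 1) + 1
    r = point_mul(k, G)[0] % N
    return r, pow(k, -1, N) * (digest(msg) + r * priv) % N

def verify(pub, msg: bytes, sig: Tuple[int, int]) -> bool:
    r, s = sig
    if pub is None or not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(point_mul(digest(msg) * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

@dataclass
class SigningCert:                 # pre-enrolment certificate, reduced to what the EA reads
    public_key: tuple
    psids: frozenset               # permissions in the certificate
    issuer: str                    # never inspected by the test-system EA

@dataclass
class EnrolmentRequest:
    requested_psids: frozenset
    public_key: tuple              # key the ITS-S wants certified
    signer_cert: Optional[SigningCert] = None    # None means self-signed
    signature: Tuple[int, int] = (0, 0)

    def to_be_signed(self) -> bytes:             # constructed encoding, not the 1609.2 one
        return repr((sorted(self.requested_psids), self.public_key)).encode()

def ea_decide(req: EnrolmentRequest) -> str:
    """Return 'issue' or the reason for refusal, following the clause 4.3.2 list."""
    self_signed = req.signer_cert is None
    key = req.public_key if self_signed else req.signer_cert.public_key
    if not verify(key, req.to_be_signed(), req.signature):
        return "invalid signature"
    # Assumption: "consistent with the permissions" means requested PSIDs are a subset.
    if not self_signed and not req.requested_psids <= req.signer_cert.psids:
        return "request exceeds certificate permissions"
    # Deliberately absent, as the clause requires: no check of the signature on the
    # signing certificate, of its chain to a known CA, or of its revocation status.
    return "issue"

def constructed_samples() -> dict:
    dev_priv, pre_priv = 0x1001, 0x2002          # constructed private keys
    dev_pub, pre_pub = point_mul(dev_priv, G), point_mul(pre_priv, G)
    cert = SigningCert(pre_pub, frozenset({"PSID_A", "PSID_B"}), issuer="not a known CA")

    def build(psids, signer_priv, signer_cert=None) -> EnrolmentRequest:
        req = EnrolmentRequest(frozenset(psids), dev_pub, signer_cert)
        req.signature = sign(signer_priv, req.to_be_signed())
        return req
    altered = build({"PSID_A"}, dev_priv)
    altered.requested_psids = frozenset({"PSID_A", "PSID_C"})   # changed after signing
    return {
        "self-signed": build({"PSID_A"}, dev_priv),
        "certificate": build({"PSID_A"}, pre_priv, cert),
        "certificate, extra PSID": build({"PSID_A", "PSID_C"}, pre_priv, cert),
        "altered after signing": altered,
    }

if __name__ == "__main__":
    for name, req in constructed_samples().items():
        print(f"{name:26} -> {ea_decide(req)}")
```

The "certificate" sample is accepted although its issuer is not a known CA, which is the behaviour the clause asks of the test-system EA and is why that EA is suitable for conformance testing only.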

From the perspective of the IUT, this has the following consequences:

• Certificate: The IUT shall be provisioned with a certificate to authenticate enrolment before testing begins (a
pre-enrolment certificate).

    - The supplier shall provide instructions as to how to reset the IUT to a state where it has the
      pre-enrolment certificate but not the enrolment certificate, to allow the enrolment flow to be run multiple
      times.

    - The supplier shall choose between two options:

        ■ The test system generates private key and public certificate for the device.

        ■ The supplier generates a private key and sends a certificate signing request to the test system.

• Self-signed: The IUT supplier shall provide instructions as to how to set the IUT into a state where it will
request enrolment with a self-signed request.

4.4 States in Initial Conditions 

Each TP contains an initial condition. The initial condition defines in which initial state the IUT has to be to apply the
actual TP. In the corresponding Test Case, when the execution of the initial condition does not
succeed, it leads to the assignment of an Inconclusive verdict. This clause defines the different initial states of the IUT.

4.4.1 ITS-S send side states 

• Not enrolled state: ITS-S has all info necessary to send an EnrolmentRequest but does not have any Enrolment 
credentials yet 

• Awaiting EnrolmentResponse state: ITS-S has sent an EnrolmentRequest and is waiting for an 
EnrolmentResponse 

• Enrolled, but not authorized state: ITS-S has received EnrolmentResponse and is able to send 
AuthorizationRequest 

• Awaiting AuthorizationResponse state: ITS-S has sent an AuthorizationRequest and is waiting for an 
AuthorizationResponse 

• Authorized state: ITS-S has received a successful AuthorizationResponse 

4.4.2 ITS-S receive side states 

• Operational state: ITS-S has the root certificate and is ready to receive messages 

4.4.3 EA states 

• Operational state: EA has obtained its certificate and is ready to receive and send Enrolment messages 

4.4.4 AA states

• Operational state: AA has obtained its certificate and is ready to receive and send Authorization messages 

4.5 Validity of Signed Communication 

The check of the validity of signed communication according to clause 5.5 of IEEE P1609.2/D12 [1] (e.g. consistency
check of the certificate chain, consistency check between certificate and message, etc.) forms an integral part of the test
suite and is described in TS 103 096-3 [5], clause 6.

4.6 Introduction of Snippets of Data Structures 

The data structures in IEEE P1609.2/D12 [1] can become quite complex. To allow a TP to be written in a concise
form, snippets have been introduced. A snippet is a partial extract of a data structure to which values are assigned.
A snippet can be used within a TP. Please refer to clause 6.1.8 for a complete list of all defined snippets.

Within a TP, any element of the snippet can be overwritten or extended. In the example below the TP extends the
snippet MSG_ENRRSP_TS 'signature.ecdsa_signature' to 'signature.ecdsa_signature.R.type == uncompressed'.

when
    the IUT receives a valid CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
        containing certificate_chain[last].signature.ecdsa_signature.R.type
            set to uncompressed



4.7 Variants, Variables and Snippet Naming Convention 

The TPs use the concept of variants, variables and snippets. Their definition, how they are used and their naming 
conventions are defined in this clause. 

Variants: Where multiple values can be tested for a single field (e.g. different public key types), a table is
appended after the TP. This table lists all the different values which need to be tested. The TP identifier is appended with
-X (e.g. TP/SEC/ITS-S/ENR/NB-02-X). If there are two fields for which multiple values can be tested then X and Y
are appended. The field itself is written as X_FIELD_NAME (e.g. X_PKT_SIGNATURE).

Variables: Variables are used in TPs in order to highlight the fact that a particular part of a request message needs to
reappear in a response message. For example, for a TP where the IUT has sent an EnrolmentRequest with a permission
list, and the test system needs to send the same permission list back, the list is denoted V_PERM_LIST (see
TP/SEC/ITS-S/ENR/NB-11).

Snippets: For the definition of snippets refer to the previous clause. Snippet names are written in upper case and
have no specific prefix (e.g. MSG_ENRREQ_IUT). All snippets in TPs contain hyperlinks which
allow navigation from the TP directly to the snippet definition.



5 Test Suite Structure (TSS) 

5.1 Structure for Security tests 

Table 1 shows the Test Suite Structure (TSS) including its subgroups defined for conformance testing.

Table 1: TSS for SECURITY

Root   Group   Sub-group   Category
SEC    CA      ENR/AUTH    Normal behaviour
                           Exceptional behaviour
       EA      ENR         Normal behaviour
                           Exceptional behaviour
       AA      AUTH        Normal behaviour
                           Exceptional behaviour
       ITS-S   ENR         Normal behaviour
                           Exceptional behaviour
               AUTH        Normal behaviour
                           Exceptional behaviour
               S-DATA      Normal behaviour
                           Exceptional behaviour
               R-DATA      Normal behaviour
                           Exceptional behaviour


The test suite is structured as a tree with the root defined as SEC. The tree is of rank 3 with the first rank a Group, the
second rank a sub group, and the last rank a category.

5.2 Test groups

The test suite has a total of four levels. The first level is the root. The second level defines different IUTs. The third
level defines various functional areas. The fourth level differentiates normal and exceptional behaviour.

5.2.1 Root 

The root identifies ITS G5A as defined in IEEE 1609.2 [1], TS 102 941 [2] and TS 102 867 [3]. 

5.2.2 Groups 

There are four functional areas identified as groups: 

• Certificate Authority 

• Enrolment Authority 

• Authorization Authority 

• ITS Station 

5.2.3 Sub groups 

There are four functional areas identified as sub-groups: 

• Enrolment 

• Authorization 

• Send Data 

• Receive Data 

5.2.4 Categories 

Test categories are limited to the normal and exceptional behaviour. 

6 Test Purposes (TP) 

6.1 Introduction 

6.1.1 TP definition conventions

The TP definition is constructed according to EG 202 798 [i.1].

6.1.2 TP Identifier naming conventions

The identifier of the TP is constructed according to table 2. 



Table 2: TP naming convention

Identifier: TP_<root>_<gr>_<sgr>_<x>_<nn>

<root> = root                              SEC
<gr> = group                               CA       Certificate Authority
                                           EA       Enrolment Authority
                                           AA       Authorization Authority
                                           ITS-S    ITS Station
<sgr> = sub-group                          ENR      Enrolment
                                           AUTH     Authorization
                                           S-DATA   Send Data
                                           R-DATA   Receive Data
<x> = type of testing                      NB       Normal Behaviour
                                           EB       Exceptional Behaviour
<nn> = sequential number                            01 to 99
<X> = Variant for 1st permutation table             A to Z
<Y> = Variant for 2nd permutation table             A to Z



6.1.3 Rules for the behaviour description

The description of the TP is constructed according to EG 202 798 [i.1].
In the TP the following wordings are used:

• "The IUT is requested to send": An upper layer requests the security layer to apply processing to a packet.

• "The IUT receives": for packets coming from the network and given by the lower layer.

• "The IUT is configured to": the Security Layer on the IUT is requested to include a certain data element, e.g.
this can be manually configured or triggered by use of an application that requires this data element.

• "The IUT accepts": the Security Layer on the IUT interprets a received message as passing all the relevant
validity tests, including cryptographic validity, and passes it to a higher layer for interpretation.

• "The IUT discards": the Security Layer on the IUT interprets a received message as failing at least one validity
test and does not pass it to a higher layer (drops a received message).

6.1.4 Sources of TP definitions

All TPs specified in the present document are derived from the behaviour defined in IEEE 1609.2 [1], TS 102 941 [2]
and TS 102 867 [3].

6.1.5 Mnemonics for PICS reference

The following table lists mnemonic names and maps them to the PICS item number.

Table 3: Mnemonics for PICS reference

Mnemonic                                     PICS item
PIC_Generate_SignPayload                     [4] Table A.5/1
PIC_Generate_SignExternalPayload             [4] Table A.5/2
PIC_Generate_SignPartialPayload              [4] Table A.5/3
PIC_Generate_Identified                      [4] Table A.5/7
PIC_Generate_GenerationTime                  [4] Table A.5/9
PIC_Generate_GenerationLocation              [4] Table A.5/1
PIC_Generate_ExpirationTime                  [4] Table A.5/11
PIC_Generate_Certificate                     [4] Table A.5/13
PIC_Generate_Ecdsa224                        [4] Table A.5/15
PIC_Generate_Ecdsa256                        [4] Table A.5/16
PIC_Generate_ExplicitCertificates            [4] Table A.5/17
PIC_Generate_Uncompressed                    [4] Table A.5/19
PIC_Generate_Compressed                      [4] Table A.5/20
PIC_Generate_CompressedFastVerification      [4] Table A.5/21
PIC_Generate_UncompressedKey                 PIC_Generate_Uncompressed
PIC_Generate_CompressedKey                   PIC_Generate_Compressed AND
                                             PIC_Generate_CompressedFastVerification
PIC_Generate_XCoordinateOnlyKey              PIC_Generate_Compressed AND NOT
                                             PIC_Generate_CompressedFastVerification
PIC_Generate_SelfSigned                      [4] Table A.34/2
PIC_Generate_StartValidity                   [4] Table A.34/16
PIC_Generate_LifetimeIsDuration              [4] Table A.34/17
PIC_Generate_StartValidityIsATimestamp       NOT PIC_Generate_LifetimeIsDuration
PIC_Generate_VerificationKey224              [4] Table A.34/19
PIC_Generate_VerificationKey256              [4] Table A.34/20
PIC_Generate_EncryptionKey                   [4] Table A.34/21
PIC_Generate_PsidArrayWithMoreThan8Entries   [4] Table A.37/2
PIC_Verify_Uncompressed                      [4] Table A.14/17
PIC_Verify_Compressed                        [4] Table A.14/18
PIC_Verify_CompressedFastVerification        [4] Table A.14/19
PIC_Verify_UncompressedKey                   PIC_Verify_Uncompressed
PIC_Verify_CompressedKey                     PIC_Verify_Compressed AND
                                             PIC_Verify_CompressedFastVerification
PIC_Verify_XCoordinateOnlyKey                PIC_Verify_Compressed AND NOT
                                             PIC_Verify_CompressedFastVerification
PIC_Verify_SelfSigned                        [4] Table A.35/1
PIC_Verify_StartValidity                     [4] Table A.41/9
PIC_Verify_LifetimeIsDuration                [4] Table A.41/10
PIC_Verify_StartValidityIsATimestamp         NOT PIC_Verify_LifetimeIsDuration
PIC_Verify_VerificationKey224                [4] Table A.41/11
PIC_Verify_VerificationKey256                [4] Table A.41/12
PIC_Verify_EncryptionKey                     [4] Table A.41/13
PIC_Verify_PsidArrayWithMoreThan8Entries     [4] Table A.45/2

6.1.6 Message encapsulation



CertificateRequest message encapsulation

Structure 1609Dot2Data {
    containing type
        indicating encrypted
    containing encrypted_data
        containing symm_algorithm set to unknown
        containing recipients
            containing cert_id
            containing enc_key
        containing ciphertext
            /* After deciphering process */
            /* containing type */
            /*     set to certificate_request */
            /* containing request */
            /*     containing the CertificateRequest data */
}

NOTE: When a TP refers to a CertificateRequest, then it is assumed that the CertificateRequest is received in a
1609Dot2Data as described above.

CertificateResponse message encapsulation

Structure 1609Dot2Data {
    containing type
        indicating encrypted
    containing encrypted_data
        containing symm_algorithm set to unknown
        containing recipients
            containing cert_id
            containing enc_key
        containing ciphertext
            /* After deciphering process */
            /* containing type */
            /*     set to certificate_response */
            /* containing request */
            /*     containing the CertificateResponse data */
}

NOTE: When a TP refers to a CertificateResponse, then it is assumed that the CertificateResponse is received in a
1609Dot2Data as described above.

CertificateRequestError message encapsulation

Structure 1609Dot2Data {
    containing type
        indicating encrypted
    containing encrypted_data
        containing symm_algorithm set to unknown
        containing recipients
            containing cert_id
            containing enc_key
        containing ciphertext
            /* After deciphering process */
            /* containing type */
            /*     set to certificate_request_error */
            /* containing request */
            /*     containing the CertificateRequestError data */
}

NOTE: When a TP refers to a CertificateRequestError, then it is assumed that the CertificateRequestError is
received in a 1609Dot2Data as described above.

6.1.7 Used constants



NAME                Value
CLT                 Current Local Time
ANY_VALUE_OR_NONE   *
ANY_VALUE           ?
ANY_SCOPE           anonymous_scope or id_scope or sec_data_exch_ca_scope
ETSI_LAT
ETSI_LON
NICE_LAT
NICE_LON
PARIS_LAT
PARIS_LON
PSID_A              These PSIDs shall be defined before test execution
PSID_B
PSID_C
PSID_D
PSID_E
PSID_F
PSID_G
PSID_H
PSID_I              These PSIDs shall be defined only when IUT supports more than 8 PSID
PSID_J
PSID_K
PSID_L

6.1.8 Snippets definitions

6.1.8.1 Regions

Table 4: Regions definitions

REGION_LARGE :=
GeographicRegion {
    containing region_type set to 'circle'
    containing circular_region
        containing center
            containing latitude set to ETSI_LAT
            containing longitude set to ETSI_LON
        containing radius set to 65KM
}

REGION_MEDIUM :=
GeographicRegion {
    containing region_type set to 'circle'
    containing circular_region
        containing center
            containing latitude set to ETSI_LAT
            containing longitude set to ETSI_LON
        containing radius set to 32KM
}

REGION_SMALL :=
GeographicRegion {
    containing region_type set to 'circle'
    containing circular_region
        containing center
            containing latitude set to ETSI_LAT
            containing longitude set to ETSI_LON
        containing radius set to 1KM
}

REGION_OUTSIDE :=
GeographicRegion {
    containing region_type set to 'circle'
    containing circular_region
        containing center
            containing latitude set to PARIS_LAT
            containing longitude set to PARIS_LON
        containing radius set to 65KM
}

REGION_INTERSECTING :=
GeographicRegion {
    containing region_type set to 'circle'
    containing circular_region
        containing center
            containing latitude set to NICE_LAT
            containing longitude set to NICE_LON
        containing radius set to 65KM
}
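
The snippet names suggest how each region relates to REGION_LARGE, the region used in CERT_EA. The following added Python example (not part of the TS) computes that relation from great-circle distances; the coordinates are assumed approximations, because the constants table gives no values for ETSI_LAT/LON, NICE_LAT/LON and PARIS_LAT/LON, and the three relation names are this example's own.

```python
"""Added illustration for Table 4 (circular regions); not part of the TS."""
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0  # mean Earth radius

# The page leaves these constants without values; the approximate coordinates
# below (decimal degrees) are assumptions made for this example only.
ETSI_LAT, ETSI_LON = 43.62, 7.05      # Sophia Antipolis (assumed)
NICE_LAT, NICE_LON = 43.70, 7.27      # assumed
PARIS_LAT, PARIS_LON = 48.86, 2.35    # assumed


@dataclass(frozen=True)
class CircularRegion:
    lat: float
    lon: float
    radius_km: float


# Centres and radii as defined in Table 4.
REGIONS = {
    "REGION_LARGE": CircularRegion(ETSI_LAT, ETSI_LON, 65),
    "REGION_MEDIUM": CircularRegion(ETSI_LAT, ETSI_LON, 32),
    "REGION_SMALL": CircularRegion(ETSI_LAT, ETSI_LON, 1),
    "REGION_OUTSIDE": CircularRegion(PARIS_LAT, PARIS_LON, 65),
    "REGION_INTERSECTING": CircularRegion(NICE_LAT, NICE_LON, 65),
}


def distance_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points (haversine formula)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def relation(region: CircularRegion, reference: CircularRegion) -> str:
    """Classify `region` against `reference` as inside, intersecting or outside."""
    d = distance_km(region.lat, region.lon, reference.lat, reference.lon)
    if d + region.radius_km <= reference.radius_km:
        return "inside"          # every point of `region` lies within `reference`
    if d >= region.radius_km + reference.radius_km:
        return "outside"         # the two circles share no point
    return "intersecting"        # partial overlap only


def contains_point(region: CircularRegion, lat: float, lon: float) -> bool:
    """True if a position (e.g. a generation location) lies within the region."""
    return distance_km(region.lat, region.lon, lat, lon) <= region.radius_km


def relations_to(reference_name: str) -> dict:
    """Relation of every Table 4 region to the named reference region."""
    ref = REGIONS[reference_name]
    return {name: relation(r, ref) for name, r in REGIONS.items()}


if __name__ == "__main__":
    for name, rel in relations_to("REGION_LARGE").items():
        print(f"{name:20} {rel}")
```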







6.1.8.2 Certificates 

6.1.8.2.1 Authorities certificates

Table 5: Root certificate definition

CERT_ROOT :=
Certificate {
    containing version_and_type
        set to 'explicit_certificates' (2)
    containing unsigned_certificate
        containing subject_type
            set to 'root_ca'
        containing cf
            set to 'use_start_validity' and 'lifetime_is_duration'
        not containing signer_id
        containing scope
            containing name
                set to 'ETSI Root CA'
            containing permitted_subject_types
                set to array[1] {
                    'sec_data_exch_ca'
                }
            containing permissions
                containing type
                    set to 'specified'
                containing permissions_list
                    set to array[0]
            containing region
                containing region_type
                    set to 'none'
        containing expiration
            set to '2020-12-31'
        containing lifetime
            set to '10Y'
        containing crl_series
            set to
        containing verification_key
            containing algorithm
                set to 'ecdsa_nistp256_with_sha256'
            containing public_key
                containing type
                    set to 'uncompressed'
                containing x/y
                    set to a valid key for ECDSA-256
        not containing encryption_key
    containing signature
        containing ecdsa_signature
            verifiable with unsigned_certificate.verification_key
            containing R
                containing type
                    set to 'x_coordinate_only'
                containing x

Table 6: Enrolment authority certificate definition 



CERT_EA :=
Certificate {
    containing version_and_type
        set to 'explicit_certificates' (2)
    containing unsigned_certificate
        containing subject_type
            set to 'sec_data_exch_ca'
        containing cf
            set to 'use_start_validity' and 'lifetime_is_duration'
        containing signer_id
            set to the 8-byte hash of CERT_ROOT
        containing signature_alg
            set to 'ecdsa_nistp256_with_sha256'
        containing scope
            containing name
                set to 'ETSI EA'
            containing permitted_subject_types
                set to array [1] {
                    'sec_data_exch_ca'
                }
            containing permissions
                containing type
                    set to 'specified'
                containing permissions_list
                    set to array [0]
            containing region
                set to REGION_LARGE
        containing expiration
            set to '2020-12-31'
        containing lifetime
            set to '10Y'
        containing crl_series
            set to
        containing verification_key
            containing algorithm
                set to 'ecdsa_nistp256_with_sha256'
            containing public_key
                containing type
                    set to 'uncompressed'
                containing x/y
                    set to a valid key for ECDSA-256
        containing encryption_key
            containing algorithm
                set to 'ecies_nistp256'
            containing supported_symm_alg
                set to 'aes_128_ccm'
            containing public_key
                containing type
                    set to 'uncompressed'
                containing x/y
                    set to a valid key for ECIES-256
    containing signature
        containing ecdsa_signature
            verifiable with CERT_ROOT.verification_key
            containing R
                containing type
                    set to 'x_coordinate_only'
                containing x
}



Table 7: Authorization authority certificate definition 



CERT_AA :=
Certificate {
    containing version_and_type
        set to 'explicit_certificates' (2)
    containing unsigned_certificate
        containing subject_type
            set to 'sec_data_exch_ca'
        containing cf
            set to 'use_start_validity' and 'lifetime_is_duration'
        containing signer_id
            set to the 8-byte hash of CERT_ROOT
        containing signature_alg
            set to 'ecdsa_nistp256_with_sha256'
        containing scope
            containing name
                set to 'ETSI AA'
            containing permitted_subject_types
                set to array [1] {
                    'sec_data_exch_ca'
                }
            containing permissions
                containing type
                    set to 'specified'
                containing permissions_list
                    set to array [0]
            containing region
                set to REGION_LARGE
        containing expiration
            set to '2020-12-31'
        containing lifetime
            set to '10Y'
        containing crl_series
            set to
        containing verification_key
            containing algorithm
                set to 'ecdsa_nistp256_with_sha256'
            containing public_key
                containing type
                    set to 'uncompressed'
                containing x/y
                    set to a valid key for ECDSA-256
        containing encryption_key
            containing algorithm
                set to 'ecies_nistp256'
            containing supported_symm_alg
                set to 'aes_128_ccm'
            containing public_key
                containing type
                    set to 'uncompressed'
                containing x/y
                    set to a valid key for ECIES-256
    containing signature
        containing ecdsa_signature
            verifiable with CERT_ROOT.verification_key
            containing R
                containing type
                    set to 'x_coordinate_only'
                containing x
}



6.1.8.2.2 End-Entities certificates

6.1.8.2.2.1 Certificates issued by test system

Table 8: Enrolment certificate issued by test system 



CERT_ENR_TS :=
Certificate {
    containing version_and_type
        set to 'explicit_certificates' (2)
    containing unsigned_certificate
        containing subject_type
            set to 'sec_data_exch_csr'
        containing cf
            indicating 'use_start_validity' and 'lifetime_is_duration'
        containing signer_id
            set to 8-byte hash of the CERT_EA
        containing signature_alg
            set to 'ecdsa_nistp256_with_sha256'
        containing scope
            containing name
                set to 'EC_SCOPE_DEFAULT'
            containing permitted_subject_types
                set to MSG_ENRREQ_IUT.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permitted_subject_types
            containing permissions
                set to MSG_ENRREQ_IUT.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permissions
            containing region
                set to MSG_ENRREQ_IUT.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.region
        containing expiration
        containing lifetime
        containing crl_series
            set to
        containing verification_key
            set to MSG_ENRREQ_IUT.unsigned_csr.verification_key
    containing signature
        containing ecdsa_signature
            verifiable with CERT_EA.verification_key
            containing R
                containing type
                    set to 'compressed_y_0' or 'compressed_y_1'
                containing x/y
                    set to a valid key for ECDSA-256
}



NOTE: This certificate is a response to the EnrolmentRequest message MSG_ENRREQ_IUT. 



Table 9: Authorization certificate issued by test system 



CERT_AUTH_TS :=
Certificate {
    containing version_and_type
        set to 'explicit_certificates' (2)
    containing unsigned_certificate
        containing subject_type
            set to 'sec_data_exch_csr'
        containing cf
            indicating 'use_start_validity' and 'lifetime_is_duration'
        containing signer_id
            set to 8-byte hash of the CERT_AA
        containing signature_alg
            set to 'ecdsa_nistp256_with_sha256'
        containing scope
            containing name
                set to 'AC_SCOPE_DEFAULT'
            containing permitted_subject_types
                set to MSG_AUTHREQ_IUT.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permitted_subject_types
            containing permissions
                set to MSG_AUTHREQ_IUT.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permissions
            containing region
                set to MSG_AUTHREQ_IUT.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.region
        containing expiration
        containing lifetime
        containing crl_series
            set to
        containing verification_key
            set to MSG_AUTHREQ_IUT.unsigned_csr.verification_key
    containing signature
        containing ecdsa_signature
            verifiable with CERT_EA.verification_key
            containing R
                containing type
                    set to 'compressed_y_0' or 'compressed_y_1'
                containing x/y
                    set to a valid key for ECDSA-256
}



NOTE: This certificate is a response to the AuthorizationRequest message MSG_AUTHREQ_IUT. 



6.1.8.2.2.2 Certificates issued by implementation under test

Table 10: Enrolment certificate issued by IUT

CERT_ENR_IUT :=
Certificate {
    containing version_and_type
        set to 'explicit_certificates' (2)
    containing unsigned_certificate
        containing subject_type
            set to MSG_ENRREQ_TS.unsigned_csr.subject_type
        containing cf
            set to MSG_ENRREQ_TS.unsigned_csr.cf
        containing signer_id
            set to 8-byte hash of the CERT_EA
        containing signature_alg
            set to 'ecdsa_nistp256_with_sha256'
        containing scope
            containing name
            containing permitted_subject_types
                set to MSG_ENRREQ_TS.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permitted_subject_types
            containing permissions
                containing type set to 'specified'
                containing permissions_list
                    set to the intersection between
                        MSG_ENRREQ_TS.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permissions
                        and CERT_EA.scope.permissions.permissions_list
            containing region
                containing region_type set to 'circle'
                containing circular_region
                    set to the intersection between
                        MSG_ENRREQ_TS.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.region
                        and CERT_EA.scope.region.circular_region
        containing expiration
            set to any timestamp > CLT
        containing lifetime if cf has use_start_validity and lifetime_is_duration flags set
            set to any value > expiration - CLT
        containing start_validity if cf indicating use_start_validity but not lifetime_is_duration
            set to any timestamp < CLT
        containing crl_series
        containing verification_key
            set to MSG_ENRREQ_TS.unsigned_csr.verification_key
    containing signature
        containing ecdsa_signature
            verifiable with CERT_EA.verification_key
}



NOTE: This certificate is a response to the EnrolmentRequest message MSG_ENRREQ_TS. 



Table 11: Authorization certificate issued by IUT

CERT_AUTH_IUT :=
Certificate {
    containing version_and_type
        set to 'explicit_certificates' (2)
    containing unsigned_certificate
        containing subject_type
            set to MSG_AUTHREQ_TS.unsigned_csr.subject_type
        containing cf
            set to MSG_AUTHREQ_TS.unsigned_csr.cf
        containing signer_id
            set to 8-byte hash of the CERT_AA
        containing signature_alg
            set to 'ecdsa_nistp256_with_sha256'
        containing type_specific_data
            containing anonymous_scope if subject_type set to 'sec_data_exch_anonymous'
                containing permissions
                    containing type set to 'specified'
                    containing permissions_list
                        set to the intersection between
                            MSG_AUTHREQ_TS.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permissions
                            and CERT_AA.scope.permissions.permissions_list
                containing region
                    containing region_type set to 'circle'
                    containing circular_region
                        set to the intersection between
                            MSG_AUTHREQ_TS.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.region
                            and CERT_AA.scope.region.circular_region
            or containing id_scope if subject_type set to 'sec_data_exch_anonymous'
                containing name [0..32]
                containing permitted_subject_types
                    set to MSG_AUTHREQ_TS.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permitted_subject_types
                containing permissions
                    containing type set to 'specified'
                    containing permissions_list
                        set to the intersection between
                            MSG_AUTHREQ_TS.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permissions
                            and CERT_AA.scope.permissions.permissions_list
                containing region
                    containing region_type set to 'circle'
                    containing circular_region
                        set to the intersection between
                            MSG_AUTHREQ_TS.unsigned_csr.type_specific_data.sec_data_exch_ca_scope.region
                            and CERT_AA.scope.region.circular_region
        containing expiration
            set to any timestamp > CLT
        containing lifetime if cf has use_start_validity and lifetime_is_duration flags set
            set to any value > expiration - CLT
        containing start_validity if cf indicating use_start_validity but not lifetime_is_duration
            set to any timestamp < CLT
        containing crl_series
        containing verification_key
            set to MSG_AUTHREQ_TS.unsigned_csr.verification_key
    containing signature
        containing ecdsa_signature
            verifiable using CERT_AA.verification_key
}



NOTE: This certificate is a response to the AuthorizationRequest message MSG_AUTHREQ_TS. 
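
The constraints that Tables 10 and 11 place on a certificate issued by the IUT can be evaluated mechanically by a test oracle. The following Python sketch is an added example, not part of the ETSI test suite: the dictionary layout, the integer timestamps, the PSID values and the `hash8` field are assumptions made for the illustration, and the circular region intersection is left out.

```python
# Added example: oracle for the certificate constraints of Tables 10 and 11.
# Field names mirror the tables; the dict layout and all sample values are
# constructed for this illustration.

USE_START = "use_start_validity"
LIFETIME_IS_DURATION = "lifetime_is_duration"


def validity_start(cert):
    """Start of validity implied by the cf flags, or None if cf carries none."""
    cf = cert["cf"]
    if USE_START not in cf:
        return None
    if LIFETIME_IS_DURATION in cf:
        # lifetime is a duration that counts back from expiration
        return cert["expiration"] - cert["lifetime"]
    return cert["start_validity"]


def check_issued_cert(cert, request, ca_cert, clt):
    """Return the names of the violated constraints (empty list: conformant)."""
    failures = []
    if cert["subject_type"] != request["subject_type"]:
        failures.append("subject_type")
    if set(cert["cf"]) != set(request["cf"]):
        failures.append("cf")
    if cert["signer_id"] != ca_cert["hash8"]:
        failures.append("signer_id")
    # permissions_list must be exactly the intersection of what was requested
    # and what the issuing authority itself is permitted to grant.
    expected = set(request["permissions_list"]) & set(ca_cert["permissions_list"])
    if set(cert["permissions_list"]) != expected:
        failures.append("permissions_list")
    if not cert["expiration"] > clt:
        failures.append("expiration")
    # "lifetime > expiration - CLT" and "start_validity < CLT" both state that
    # the certificate is already valid at the current local time (CLT).
    start = validity_start(cert)
    if start is not None and not start < clt:
        failures.append("lifetime" if LIFETIME_IS_DURATION in cert["cf"]
                        else "start_validity")
    if cert["verification_key"] != request["verification_key"]:
        failures.append("verification_key")
    return failures


# Constructed sample data (not taken from the specification).
CLT = 1_000_000
PSID_A, PSID_B = 0x20, 0x21
CA = {"hash8": bytes.fromhex("0102030405060708"), "permissions_list": [PSID_A]}
REQUEST = {
    "subject_type": "sec_data_exch_csr",
    "cf": {USE_START, LIFETIME_IS_DURATION},
    "permissions_list": [PSID_A, PSID_B],
    "verification_key": ("compressed_lsb_y_0", 0x1234),
}
GOOD = {
    "subject_type": "sec_data_exch_csr",
    "cf": {USE_START, LIFETIME_IS_DURATION},
    "signer_id": CA["hash8"],
    "permissions_list": [PSID_A],
    "expiration": CLT + 3600,
    "lifetime": 7200,
    "verification_key": ("compressed_lsb_y_0", 0x1234),
}

if __name__ == "__main__":
    print(check_issued_cert(GOOD, REQUEST, CA, CLT))
    over_granted = dict(GOOD, permissions_list=[PSID_A, PSID_B])
    print(check_issued_cert(over_granted, REQUEST, CA, CLT))
```
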

6.1.8.3 Messages

6.1.8.3.1 ITS station testing 

6.1.8.3.1.1 Enrolment 

Table 12: EnrolmentRequest message received by the test system from the ITS-S 



MSG_ENRREQ_IUT :=
CertificateRequest {
    containing signer
        containing type
            set to 'certificate' or
                   'certificate_chain' or
                   'self'
        containing certificate if signer.type set to 'certificate' or
        containing certificates if signer.type set to 'certificate_chain'
    containing unsigned_csr
        containing version_and_type
            set to 'explicit_certificates' (2)
        containing request_time
            set to any timestamp <= CLT
        containing subject_type
            set to 'sec_data_exch_csr'
        containing cf
            not indicating 'encryption_key' flag
        containing type_specific_data
            containing sec_data_exch_ca_scope
                containing name [0..32]
                containing permitted_subject_types
                    set to array [1] := {
                        'sec_data_exch_anonymous' or 'sec_data_exch_identified_localized'
                    }
                containing permission
                    containing type
                        set to 'specified'
                    containing permissions_list
                containing region
                    containing region_type
                        set to 'circle'
                    containing circular_region
        containing expiration
            set to any timestamp > CLT
        containing lifetime if cf indicating 'use_start_validity' and 'lifetime_is_duration'
        containing start_validity if cf indicating 'use_start_validity'
                and not indicating 'lifetime_is_duration'
            set to any timestamp < expiration
        containing verification_key
            containing algorithm set to 'ecdsa_nistp256_with_sha256'
            containing public_key
        containing response_encryption_key
            containing algorithm set to 'ecies_nistp256'
            containing supported_symm_alg set to 'aes_128_ccm'
            containing public_key
    containing signature
        containing ecdsa_signature
            verifiable using {
                signer.certificate.unsigned_certificate.verification_key
                    if signer.type is 'certificate'
                or signer.certificates[last].unsigned_certificate.verification_key
                    if signer.type is 'certificate_chain'
                or unsigned_csr.verification_key
                    if signer.type is 'self'
            }
}

Table 13: EnrolmentResponse message sent by the test system to the ITS-S

MSG_ENRRSP_TS :=
CertificateResponse {
    containing f
        set to 'NotRequested' (0)
    containing certificate_chain
        set to array [] = {
            CERT_ROOT,
            CERT_EA,
            CERT_ENR_TS
        }
    containing crl_path
        set to length
}



Table 14: EnrolmentRequestError message sent by the test system to the ITS-S 



MSG_ENRERR_TS :=
CertificateRequestError {
    containing signer.type
        set to 'certificate'
    containing signer.certificate
        set to CERT_EA
    containing request_hash
        set to HASH(MSG_ENRREQ_IUT)
    containing reason
    containing signature
        containing ecdsa_signature
            verifiable using CERT_EA.unsigned_certificate.verification_key
}



6.1.8.3.1.2 Authorization 

Table 15: AuthorizationRequest message received by the test system from the ITS-S 



MSG_AUTHREQ_IUT :=
CertificateRequest {
    containing signer
        containing type
            set to 'certificate' or
                   'certificate_chain'
        containing certificate if signer.type set to 'certificate' or
        containing certificates if signer.type set to 'certificate_chain'
    containing unsigned_csr
        containing version_and_type
            set to 'explicit_certificates' (2)
        containing request_time
            set to any timestamp <= CLT
        containing subject_type
            set to 'sec_data_exch_anonymous' or 'sec_data_exch_identified_localized'
        containing cf
            not indicating 'encryption_key' flag
        containing type_specific_data
            containing anonymous_scope if subject_type set to 'sec_data_exch_anonymous'
                containing permissions
                    containing type
                        set to 'specified'
                    containing permissions_list
                containing region
                    containing region_type
                        set to 'circle'
                    containing circular_region
            or containing id_scope if subject_type set to 'sec_data_exch_identified_localized'
                containing name [0..32]
                containing permissions
                    containing type
                        set to 'specified'
                    containing permissions_list
                containing region
                    containing region_type
                        set to 'circle'
                    containing circular_region
        containing expiration
            set to any timestamp > CLT
        containing lifetime if cf indicating 'use_start_validity' and 'lifetime_is_duration'
        containing start_validity if cf indicating 'use_start_validity'
                and not indicating 'lifetime_is_duration'
            set to any timestamp < expiration
        containing verification_key
            containing algorithm set to 'ecdsa_nistp256_with_sha256'
            containing public_key
        containing response_encryption_key
            containing algorithm set to 'ecies_nistp256'
            containing supported_symm_alg set to 'aes_128_ccm'
            containing public_key
    containing signature
        containing ecdsa_signature
            verifiable using CERT_ENR_TS.unsigned_certificate.verification_key
}



Table 16: EnrolmentResponse message received by the test system from the EA 



MSG_AUTHRSP_TS :=
CertificateResponse {
    containing f
        set to 'NotRequested' (0)
    containing certificate_chain
        set to array [] = {
            CERT_ROOT,
            CERT_AA,
            CERT_AUTH_TS
        }
    containing crl_path
        set to length
}



Table 17: EnrolmentRequestError message sent by the test system to the ITS-S 



MSG_AUTHERR_TS :=
CertificateRequestError {
    containing signer.type
        set to 'certificate'
    containing signer.certificate
        set to CERT_AA
    containing request_hash
        set to HASH(MSG_AUTHREQ_IUT)
    containing reason
    containing signature
        containing ecdsa_signature
            verifiable using CERT_AA.unsigned_certificate.verification_key
}



6.1.8.3.1.3 Send and Receive Data

Table 18: 1609Dot2Data message to be sent by the test system to the ITS-S under test 



MSG_SIGNED_TS :=
Structure 1609Dot2Data {
    containing protocol_version
        set to 2
    containing type
        set to 'signed'
    containing signed_data
        containing signer
        containing unsigned_data
            containing psid
            containing data
        containing signature
}




Table 19: 1609Dot2Data message received by the test system from the ITS-S under test 



MSG_SIGNED_IUT :=
Structure 1609Dot2Data {
    containing protocol_version
        set to 2
    containing type
        set to 'signed'
        or set to 'signed_partial_payload'
        or set to 'signed_external_payload'
    containing signed_data
        containing signer
        containing unsigned_data
            containing psid
        containing signature
            verifiable using signer
}



6.1.8.3.2 Enrolment Authority testing

Table 20: EnrolmentRequest message sent by the test system to the EA 



MSG_ENRREQ_TS :=
CertificateRequest {
    containing signer
        containing type
            set to 'certificate'
        containing certificate
            set to CERT_ROOT
    containing unsigned_csr
        containing version_and_type
            set to 'explicit_certificates' (2)
        containing request_time
            set to CLT
        containing subject_type
            set to 'sec_data_exch_csr'
        containing cf
            indicating 'use_start_validity' and 'lifetime_is_duration'
        containing type_specific_data
            containing sec_data_exch_ca_scope
                containing name
                    set to 'EC_SCOPE_DEFAULT'
                containing permitted_subject_types
                    set to array [1]
                        containing 'sec_data_exch_identified_localized'
                containing permission
                    containing type
                        set to 'specified'
                    containing permissions_list
                        set to array [1]
                            containing PSID_A
                containing region
                    set to REGION_SMALL
        containing expiration
            set to 31. Dec 2020
        containing lifetime
            set to 10Y
        containing verification_key
            containing algorithm
                set to 'ecdsa_nistp256_with_sha256'
            containing public_key
                containing type
                    set to 'x_coordinate_only'
                containing x
                    set to a valid key for ECDSA-256
        containing response_encryption_key
            containing algorithm
                set to 'ecies_nistp256'
            containing supported_symm_alg
                set to 'aes_128_ccm'
            containing public_key
                containing type
                    set to 'x_coordinate_only'
                containing x
                    set to a valid key for ECIES-256
    containing signature
        containing ecdsa_signature
            verifiable by signer.certificate.unsigned_certificate.verification_key
}



Table 21: EnrolmentResponse message received by the test system from the EA

MSG_ENRRSP_IUT :=
CertificateResponse {
    containing f
    containing certificate_chain
        set to array [3]
            containing CERT_ROOT
            containing CERT_EA
            containing CERT_ENR_IUT
}



Table 22: EnrolmentRequestError message received by the test system from the EA 



MSG_ENRERR_IUT :=
CertificateRequestError {
    containing signer.type
        set to 'certificate'
    containing signer.certificate
        set to CERT_EA
    containing request_hash
        set to HASH(MSG_ENRREQ_TS)
    containing reason
    containing signature
        containing ecdsa_signature
            verifiable using CERT_EA.unsigned_certificate.verification_key
}



6.1.8.3.3 Authorization Authority testing

Table 23: AuthorizationRequest message to be sent by the test system to the AA 



MSG_AUTHREQ_TS :=
CertificateRequest {
    containing signer
        containing type
            set to 'certificate_chain'
        containing certificates
            set to array [3]
                containing CERT_ROOT
                containing CERT_EA
                containing CERT_ENR_IUT
    containing unsigned_csr
        containing version_and_type
            set to 'explicit_certificates' (2)
        containing request_time
            set to CLT
        containing subject_type
            set to 'sec_data_exch_identified_localized'
        containing cf
            indicating 'use_start_validity' and 'lifetime_is_duration'
        containing type_specific_data
            containing id_scope
                containing name
                    set to 'AC_SCOPE_DEFAULT'
                containing permissions
                    containing type
                        set to 'specified'
                    containing permissions_list
                        set to array [1]
                            containing PSID_A
                containing region
                    containing region_type
                        set to 'circle'
                    containing circular_region
                        set to REGION_SMALL
        containing expiration
            set to '31 Dec 2020'
        containing lifetime
            set to '10Y'
        containing verification_key
            containing algorithm
                set to 'ecdsa_nistp256_with_sha256'
            containing public_key
                containing type
                    set to 'x_coordinate_only'
                containing x
                    set to a valid key for ECDSA-256
        containing response_encryption_key
            containing algorithm
                set to 'ecies_nistp256'
            containing supported_symm_alg
                set to 'aes_128_ccm'
            containing public_key
                containing type
                    set to 'x_coordinate_only'
                containing x
                    set to a valid key for ECIES-256
    containing signature
        containing ecdsa_signature
            verifiable by signer.certificate.unsigned_certificate.verification_key
}



Table 24: AuthorizationResponse message received by the test system from the AA 



MSG_AUTHRSP_IUT :=
CertificateResponse {
    containing f
    containing certificate_chain
        set to array [3]
            containing CERT_ROOT
            containing CERT_AA
            containing CERT_AUTH_IUT
}



Table 25: AuthorizationRequestError message received by the test system from the AA 



MSG_AUTHERR_IUT :=
CertificateRequestError {
    containing signer.type
        set to 'certificate'
    containing signer.certificate
        set to CERT_AA
    containing request_hash
        set to HASH(MSG_AUTHREQ_IUT)
    containing reason
    containing signature
        containing ecdsa_signature
            verifiable using CERT_AA.unsigned_certificate.verification_key
}

6.2 Test purposes for SECURITY

6.2.1 ITS Station

6.2.1.1 Enrolment

6.2.1.1.1 Normal Behaviour

6.2.1.1.1.1 Enrolment Request verification



TP Id: TP/SEC/ITS-S/ENR/NB-01
Summary: Check that ITS-S generates correctly a generic EnrolmentRequest message
Reference: IEEE P1609.2/D12 [1], 6.3.33
           ETSI TS 102 941 [2] Table 1: Contents of ITS-S EnrolmentRequest message
Config Id: CF03
PICS Selection:
Initial conditions:
    with {
        the IUT in 'NotEnrolled' state
    }
Expected behaviour:
    ensure that {
        when {
            the IUT is requested to send an EnrolmentRequest message
        }
        then {
            the IUT sends a valid CertificateRequest set to MSG_ENRREQ_IUT
        }
    }



TP Id: TP/SEC/ITS-S/ENR/NB-02-X
Summary: Check that ITS-S generates enrolment request with signature of different types
Reference: IEEE P1609.2/D12 [1], 6.2.17
           ETSI TS 102 941 [2] Table 1: Contents of ITS-S EnrolmentRequest message
Config Id: CF03
PICS Selection:
Initial conditions:
    with {
        the IUT in 'NotEnrolled' state
        the IUT is configured to use signature of form X_PKT_SIGNATURE
    }
Expected behaviour:
    ensure that {
        when {
            the IUT is requested to send an EnrolmentRequest message
        }
        then {
            the IUT sends a valid CertificateRequest set to MSG_ENRREQ_IUT
                containing signature.ecdsa_signature
                    containing R.type
                        set to X_PKT_SIGNATURE
        }
    }
Variants:
    X   PIC                                X_PKT_SIGNATURE
    A   PIC_Generate_XCoordinateOnlyKey    x_coordinate_only
    B   PIC_Generate_CompressedKey         compressed_lsb_y_0/1
    C   PIC_Generate_UncompressedKey       uncompressed

TP Id: TP/SEC/ITS-S/ENR/NB-03
Summary: Check that ITS-S generates enrolment request with signature calculated using compressed
         representation of all public keys
Reference: IEEE P1609.2/D12 [1], 6.2.17
           ETSI TS 102 941 [2], Table 1: Contents of ITS-S EnrolmentRequest message
Config Id: CF03
PICS Selection: PIC_Generate_UncompressedKey
Initial conditions:
    with {
        the IUT in 'NotEnrolled' state
        the IUT is configured to use uncompressed public keys for verification_key
        the IUT is configured to use uncompressed public keys for response_encryption_key
    }
Expected behaviour:
    ensure that {
        when {
            the IUT is requested to send an EnrolmentRequest message
        }
        then {
            the IUT sends a valid CertificateRequest set to MSG_ENRREQ_IUT
                containing unsigned_csr.verification_key.public_key.type (V_PKT_VK)
                    set to 'uncompressed'
                containing unsigned_csr.response_encryption_key.public_key.type (V_PKT_REK)
                    set to 'uncompressed'
                containing signature.ecdsa_signature
                    calculated using compressed representation of V_PKT_VK and V_PKT_REK
        }
    }



TP Id: TP/SEC/ITS-S/ENR/NB-04
Summary: Check that ITS-S generates valid self-signed enrolment request.
Reference: IEEE P1609.2 [1], clause 6.2.17
           ETSI TS 102 941 [2], see table 1
Config Id: CF03
PICS Selection: PIC_Generate_SelfSigned
Initial conditions:
    with {
        the IUT in 'NotEnrolled' state
        the IUT is configured to use a self-signed enrolment request
    }
Expected behaviour:
    ensure that {
        when {
            the IUT is requested to send an EnrolmentRequest message
        }
        then {
            the IUT sends a valid CertificateRequest set to MSG_ENRREQ_IUT
                containing signer.type
                    set to 'self'
                containing signature
                    verified using unsigned_csr.verification_key
        }
    }

TP Id: TP/SEC/ITS-S/ENR/NB-05
Summary: Check that ITS-S generates valid enrolment request with a different response_encryption_key
         for every request.
Reference: IEEE P1609.2/D12 [1], clause 6.3.34
           ETSI TS 102 941 [2], see table 1
Config Id: CF03
PICS Selection:
Initial conditions:
    with {
        the IUT in 'NotEnrolled' state
    }
Expected behaviour:
    ensure that {
        when {
            each time the IUT is requested to send an EnrolmentRequest message
        }
        then {
            the IUT sends a valid CertificateRequest set to MSG_ENRREQ_IUT
                containing unsigned_csr.response_encryption_key
                    set to value different from the previous ones
        }
    }



TP Id: TP/SEC/ITS-S/ENR/NB-06
Summary: Check that ITS-S generates valid enrolment request with a certificate containing more than 8
         PSID entries
Reference: IEEE P1609.2/D12 [1], clause 6.3.34
           ETSI TS 102 941 [2], see table 1
Config Id: CF03
PICS Selection: PIC_Generate_PsidArrayWithMoreThan8Entries
Initial conditions:
    with {
        the IUT in 'NotEnrolled' state
    }
Expected behaviour:
    ensure that {
        when {
            the IUT is requested to send an EnrolmentRequest message with more than 8 PSID entries
        }
        then {
            the IUT sends a valid CertificateRequest set to MSG_ENRREQ_IUT
                containing unsigned_csr.type_specific_data.permission.permissions_list
                    containing more than 8 entries
        }
    }

6.2.1.1.1.2 Enrolment Response acceptance



TP Id: TP/SEC/ITS-S/ENR/NB-07
Summary: Check that ITS-S correctly decrypts enrolment response.
Reference: IEEE P1609.2/D12 [1], clause 5.6.2.1
Config Id: CF03
PICS Selection:
Initial conditions:
    with {
        the IUT awaiting EnrolmentResponse
    }
Expected behaviour:
    ensure that {
        when {
            the IUT receives a CertificateResponse (EnrolmentResponse)
        }
        then {
            the IUT decrypts the response
        }
    }



TP Id: TP/SEC/ITS-S/ENR/NB-08
Summary: Check that the ITS-S accepts a valid enrolment response having correct fields and values.
Reference: IEEE P1609.2/D12 [1], clause 5.6.2.2
           ETSI TS 102 941 [2], see table 2
Config Id: CF03
PICS Selection:
Initial conditions:
    with {
        the IUT having sent an EnrolmentRequest set to MSG_ENRREQ_IUT
            containing unsigned_csr.type_specific_data.sec_data_exch_ca_scope
                containing permissions.permissions_list (V_PERM_LIST)
        the IUT awaiting EnrolmentResponse
    }
Expected behaviour:
    ensure that {
        when {
            the IUT receives a valid CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
                containing response.certificate_chain[last]
                    containing unsigned_certificate.scope.permissions.permissions_list
                        set to V_PERM_LIST
        }
        then {
            the IUT accepts the CertificateResponse
        }
    }

TP Id: TP/SEC/ITS-S/ENR/NB-09
Summary: Check that the ITS-S accepts a valid enrolment response even if the permissions in the issued
         certificate are a subset of requested permissions
Reference: IEEE P1609.2/D12 [1], clause 5.6.2.2
           ETSI TS 102 941 [2], see table 2
Config Id: CF03
PICS Selection:
Initial conditions:
    with {
        the IUT having sent an EnrolmentRequest set to MSG_ENRREQ_IUT
            containing unsigned_csr.type_specific_data.sec_data_exch_ca_scope
                containing permissions.permissions_list (V_PERM_LIST)
        the IUT awaiting EnrolmentResponse
    }
Expected behaviour:
    ensure that {
        when {
            the IUT receives a valid CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
                containing response.certificate_chain[last].unsigned_certificate.scope.permissions.permissions_list
                    set to a subset of V_PERM_LIST
        }
        then {
            the IUT accepts the CertificateResponse
        }
    }

TP Id: TP/SEC/ITS-S/ENR/NB-10-X
Summary: Check that ITS-S accepts enrolment response with different public key types
Reference: IEEE P1609.2/D12 [1], clause 6.2.17
           ETSI TS 102 941 [2], see table 2
Config Id: CF03
PICS Selection:
Initial conditions:
    with {
        the IUT awaiting EnrolmentResponse
    }
Expected behaviour:
    ensure that {
        when {
            the IUT receives a valid CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
                containing certificate_chain[last]
                    containing verification_key.public_key.type
                        set to X_PKT_VK
                    containing signature.ecdsa_signature.R.type
                        set to X_PKT_SIGNATURE
        }
        then {
            the IUT accepts the CertificateResponse
        }
    }
Variants:
    X   X_PKT_SIGNATURE        X_PKT_VK               PIC Selection
    A   compressed_lsb_y_0/1   compressed_lsb_y_0/1   PIC_Verify_CompressedKeyKey
    B   compressed_lsb_y_0/1   x_coordinate_only      PIC_Verify_CompressedKeyKey, PIC_Verify_XCoordinateOnlyKey
    C   compressed_lsb_y_0/1   uncompressed           PIC_Verify_UncompressedKey
    D   x_coordinate_only      compressed_lsb_y_0/1   PIC_Verify_CompressedKeyKey, PIC_Verify_XCoordinateOnlyKey
    E   x_coordinate_only      x_coordinate_only      PIC_Verify_XCoordinateOnlyKey
    F   x_coordinate_only      uncompressed           PIC_Verify_UncompressedKey, PIC_Verify_XCoordinateOnlyKey
    G   uncompressed           compressed_lsb_y_0/1   PIC_Verify_UncompressedKey, PIC_Verify_CompressedKeyKey
    H   uncompressed           x_coordinate_only      PIC_Verify_UncompressedKey, PIC_Verify_XCoordinateOnlyKey
    I   uncompressed           uncompressed           PIC_Verify_UncompressedKey

TP Id: TP/SEC/ITS-S/ENR/NB-11
Summary: Check that the ITS-S accepts a valid enrolment response with signature calculated using
         compressed representation of uncompressed public keys.
Reference: IEEE P1609.2/D12 [1], clause 6.2.17
           ETSI TS 102 941 [2], see table 2
Config Id: CF03
PICS Selection: PIC_Verify_UncompressedKey
Initial conditions:
    with {
        the IUT awaiting EnrolmentResponse
    }
Expected behaviour:
    ensure that {
        when {
            the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
                containing certificate_chain[last]
                    containing unsigned_certificate.verification_key.public_key.type (V_PKT_VK)
                        set to 'uncompressed'
                    containing signature.ecdsa_signature
                        calculated using compressed representation of V_PKT_VK
        }
        then {
            the IUT accepts the CertificateResponse
        }
    }
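
TP/SEC/ITS-S/ENR/NB-03 and NB-11 require the signature to be computed over the compressed representation of a key that is transmitted as 'uncompressed', and the NB-02-X and NB-10-X variants exercise all three point types. The following Python sketch is an added example, not part of the test suite: it converts between the point types on NIST P-256 using the curve base point as a stand-in key; the tuple layout and function names are assumptions, and the IEEE 1609.2 serialization of the signed structure is not shown.

```python
# Added example: NIST P-256 public key representations named in the test
# purposes ('uncompressed', 'compressed_lsb_y_0/1', 'x_coordinate_only').
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # field prime
A = P - 3                                  # curve coefficient a = -3 mod P
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b

# Stand-in key: the P-256 base point G (a public constant of the curve).
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 + A*x + B over GF(P)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def candidate_ys(x):
    """Both y values for an x_coordinate_only point, sorted ascending.

    Raises ValueError when x is not the abscissa of any curve point.
    """
    if not 0 <= x < P:
        raise ValueError("x out of range")
    rhs = (pow(x, 3, P) + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)          # square root, valid as P % 4 == 3
    if (y * y) % P != rhs:
        raise ValueError("x is not the abscissa of a curve point")
    return sorted({y, (P - y) % P})


def is_valid_x(x):
    """True if some curve point has this x coordinate."""
    try:
        candidate_ys(x)
        return True
    except ValueError:
        return False


def compress(key):
    """('uncompressed', x, y) -> ('compressed_lsb_y_0' or '..._1', x)."""
    kind, x, y = key
    if kind != "uncompressed" or not on_curve(x, y):
        raise ValueError("not a valid uncompressed P-256 point")
    return ("compressed_lsb_y_%d" % (y & 1), x)


def decompress(key):
    """('compressed_lsb_y_N', x) -> ('uncompressed', x, y)."""
    kind, x = key
    want = {"compressed_lsb_y_0": 0, "compressed_lsb_y_1": 1}[kind]
    # P is odd, so the two candidates always differ in their low bit.
    y = next(v for v in candidate_ys(x) if v & 1 == want)
    return ("uncompressed", x, y)


def canonical(key):
    """Compressed form to feed into the signature input, whatever was sent."""
    if key[0] == "uncompressed":
        return compress(key)
    decompress(key)                        # validates the compressed point
    return key


if __name__ == "__main__":
    sent = ("uncompressed", GX, GY)
    print(canonical(sent)[0])              # point type used for signing
    print(len(candidate_ys(GX)))           # ambiguity of x_coordinate_only
```

An x_coordinate_only value leaves two candidate points, which is why a verifier has to try both when that type is used for the signature R.
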



TPId 


TP/SEC/ITS-S/ENR/NB-1 2 


Summary 


Check that the ITS-S accepts a valid enrolment response with start validity and lifetime. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 
ETSI TS 102 941 [2], see table 2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing cf
                    indicating use_start_validity
                    indicating lifetime_is_duration
                containing lifetime
                    set to '1 or
    }
    then {
        the IUT accepts the CertificateResponse
    }
}
TPId


TP/SEC/ITS-S/ENR/NB-13 


Summary 


Check that the ITS-S accepts a valid enrolment response with start validity value. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 
ETSI TS 102 941 [2], see table 2 


Config Id 


CF03 


PICS Selection 


NOT PIC_Verify_LifetimeIsDuration


Initial conditions


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing cf
                    indicating 'use_start_validity'
                    and not indicating 'lifetime_is_duration'
                containing expiration
                containing start_validity
                    set to a timestamp < expiration
    }
    then {
        the IUT accepts the CertificateResponse
    }
}



6.2.1.1.1.3 Enrolment Request Error acceptance



TPId 


TP/SEC/ITS-S/ENR/NB-14 


Summary 


Check that ITS-S correctly decrypts enrolment request error. 


Reference 


IEEE P1609.2/D12 [1], clause 5.6.2.1 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequestError (EnrolmentResponse)
    }
    then {
        the IUT decrypts the response
    }
}
TPId


TP/SEC/ITS-S/ENR/NB-15 


Summary 


Check that the ITS-S accepts a valid enrolment request error having correct fields and values. 


Reference 


IEEE P1609.2/D12 [1], clause 5.6.2.2 
ETSI TS 102 941 [2], see table 3 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT having sent an EnrolmentRequest (V_REQUEST) set to MSG_ENRREQ_IUT
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequestError (EnrolmentResponse) set to MSG_ENRERR_TS
            containing request_hash
                set to the hash of the V_REQUEST
                    calculated using compressed representation of all public keys
    }
    then {
        the IUT accepts the CertificateRequestError
    }
}



TPId 


TP/SEC/ITS-S/ENR/NB-16-X 


Summary 


Check that ITS-S accepts enrolment request error with various types of signature public keys. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.17 
ETSI TS 102 941 [2], see table 3


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequestError (EnrolmentResponse) set to MSG_ENRERR_TS
            containing signature.ecdsa_signature.R.type
                set to X_PKT_SIGNATURE
    }
    then {
        the IUT accepts the CertificateRequestError
    }
}


Variants


X | X_PKT_SIGNATURE | PIC Selection
A | x_coordinate_only | PIC_Verify_XCoordinateOnlyKey
B | compressed_lsb_y_0/1 | PIC_Verify_CompressedKey
C | uncompressed | PIC_Verify_UncompressedKey

6.2.1.1.2 Exceptional Behavior



TPId 


TP/SEC/ITS-S/ENR/EB-01 


Summary 


Check that ITS-S discards enrolment response if the subordinate certificate's validity region is
larger than the issuing certificate's validity region.


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
    and the TS configured to use EA certificate CERT_EA
        containing unsigned_certificate.scope.region
            set to REGION_SMALL
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last] (CERT_ENR_TS)
                containing unsigned_certificate.scope.region
                    set to REGION_LARGE
    }
    then {
        the IUT discards the CertificateResponse
    }
}



TPId 


TP/SEC/ITS-S/ENR/EB-02 


Summary 


Check that ITS-S discards enrolment response if the subordinate certificate's validity region is 
outside of the issuing certificate's validity region. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
    and the TS configured to use EA certificate CERT_EA
        containing unsigned_certificate.scope.region
            set to REGION_SMALL
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last] (CERT_ENR_TS)
                containing unsigned_certificate.scope.region
                    set to REGION_OUTSIDE
    }
    then {
        the IUT discards the CertificateResponse
    }
}
TPId


TP/SEC/ITS-S/ENR/EB-03 


Summary 


Check that ITS-S discards enrolment response if the subordinate certificate's validity period is
longer than issuing certificate's validity period. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
    and the TS configured to use EA certificate CERT_EA
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last] (CERT_ENR_TS)
                containing unsigned_certificate.expiration > CERT_EA.unsigned_certificate.expiration
    }
    then {
        the IUT discards the CertificateResponse
    }
}



TPId 


TP/SEC/ITS-S/ENR/EB-04 


Summary 


Check that ITS-S discards enrolment response if the subordinate certificate's permissions are 
not included in issuing certificate. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT has sent a valid EnrolmentRequest set to MSG_ENRREQ_IUT
        containing unsigned_csr.type_specific_data.sec_data_exch_ca_scope.permissions.permissions_list
            set to array[2]
                containing PSID_A
                containing PSID_B
    and the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last-1] (CERT_EA)
                containing unsigned_certificate.scope.permissions.permissions_list
                    set to array[1]
                        containing PSID_A
            containing certificate_chain[last] (CERT_ENR_TS)
                containing unsigned_certificate.scope.permissions.permissions_list
                    set to array[1]
                        containing PSID_B
    }
    then {
        the IUT discards the CertificateResponse
    }
}
TPId


TP/SEC/ITS-S/ENR/EB-05-X 


Summary 


Check that ITS-S discards enrolment response if the message content type is different than 
'encrypted'. 


Reference 


IEEE P1609.2/D12 [1], clause 5.6.2.1 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data structure
            containing type
                set to X_INVALID_CONTENT_TYPE
            containing encrypted_data.ciphertext
                containing type
                    set to 'certificate_response'
                containing response
                    set to MSG_ENRRSP_TS
    }
    then {
        the IUT discards the received message
    }
}


Variants


X | X_INVALID_CONTENT_TYPE
A | unsecured(0)
B | signed(1)
C | certificate_request(3)
D | certificate_response(4)
E | anonymous_certificate_response(5)
F | certificate_request_error(6)
G | crl_request(7)
H | crl(8)
I | signed_partial_payload(9)
J | signed_external_payload(10)
K | signed_wsa(11)
L | certificate_response_acknowledgment(12)
M | ANY_VALUE(128)

TPId


TP/SEC/ITS-S/ENR/EB-06-X 


Summary 


Check that ITS-S discards enrolment response if the protocol version is not 2. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.1 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data structure
            containing protocol_version
                set to X_INVALID_VERSION_NUMBER
            containing type
                set to 'encrypted'
            containing encrypted_data.ciphertext
                containing type
                    set to 'certificate_response'
                containing response
                    set to MSG_ENRRSP_TS
    }
    then {
        the IUT discards the received message
    }
}


Variants


X | X_INVALID_VERSION_NUMBER
A |
B | 1
C | 3
D | 255



TPId 


TP/SEC/ITS-S/ENR/EB-07 


Summary 


Check that ITS-S discards enrolment request error if the signer type is not valid. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.4 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data structure
            containing signed_data.signer.type
                set to 'self'
    }
    then {
        the IUT discards the received message
    }
}
TPId


TP/SEC/ITS-S/ENR/EB-08-X 


Summary 


Check that ITS-S discards enrolment response if the certificate is not an explicit one.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.1 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last].version_and_type
                set to X_INVALID_CERT_VERSION_AND_TYPE
    }
    then {
        the IUT discards the received message
    }
}


Variants


X | X_INVALID_CERT_VERSION_AND_TYPE
A |
B | 1
C | 3
D | 255



TPId 


TP/SEC/ITS-S/ENR/EB-09 


Summary 


Check that ITS-S discards enrolment response if the hash was not calculated using 
compressed representation of public keys. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.1 


Config Id 


CF03 


PICS Selection 


PIC_Verify_UncompressedKey


Initial conditions


with {
    the IUT awaiting EnrolmentResponse
    and the TS configured to use EA certificate CERT_EA
        containing unsigned_certificate.verification_key.public_key.type (V_PKT_VK_EA)
            set to 'uncompressed'
        containing unsigned_certificate.encryption_key.public_key.type (V_PKT_EK_EA)
            set to 'uncompressed'
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last]
                containing unsigned_certificate.signer_id
                    calculated using uncompressed representation of V_PKT_VK_EA and V_PKT_EK_EA
    }
    then {
        the IUT discards the received message
    }
}
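

Added example, not part of the ETSI document: several test purposes above (ENR/NB-11, ENR/NB-15, ENR/EB-09) depend on hashes and signatures being computed over the compressed representation of a public key even when the key is carried as 'uncompressed'. The Python sketch below shows that canonicalisation on NIST P-256; the one-byte type tags (2, 3, 4) and hashing the bare key encoding are assumptions for illustration, not the IEEE 1609.2 wire format.

```python
import hashlib

# NIST P-256 domain parameters (public constants of the curve).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# Constructed sample key: the curve's base point.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5

# Assumed one-byte type tags (SEC 1 style) standing in for public_key.type.
COMPRESSED_LSB_Y_0, COMPRESSED_LSB_Y_1, UNCOMPRESSED = 2, 3, 4


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 + Ax + B (mod P)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_uncompressed(x, y):
    return bytes([UNCOMPRESSED]) + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def encode_compressed(x, y):
    # The tag carries the least significant bit of y (compressed_lsb_y_0/1).
    return bytes([COMPRESSED_LSB_Y_0 + (y & 1)]) + x.to_bytes(32, "big")


def decode(encoding):
    """Return (x, y) for a compressed or uncompressed encoding; reject the rest."""
    if not encoding:
        raise ValueError("empty public key encoding")
    tag, body = encoding[0], encoding[1:]
    if tag == UNCOMPRESSED and len(body) == 64:
        x = int.from_bytes(body[:32], "big")
        y = int.from_bytes(body[32:], "big")
    elif tag in (COMPRESSED_LSB_Y_0, COMPRESSED_LSB_Y_1) and len(body) == 32:
        x = int.from_bytes(body, "big")
        rhs = (x * x * x + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)   # square root, valid because P % 4 == 3
        if y & 1 != tag - COMPRESSED_LSB_Y_0:
            y = P - y                   # pick the root with the signalled parity
    else:
        raise ValueError("unsupported public key encoding")
    if x >= P or y >= P or not on_curve(x, y):
        raise ValueError("point is not on the curve")
    return x, y


def canonical(encoding):
    """Re-encode any accepted form as the compressed representation."""
    return encode_compressed(*decode(encoding))


def key_digest(encoding, canonicalise=True):
    """SHA-256 over the key bytes, by default after canonicalising to compressed."""
    data = canonical(encoding) if canonicalise else encoding
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    unc = encode_uncompressed(GX, GY)
    print("canonical digests match:", key_digest(unc) == key_digest(canonical(unc)))
    print("raw uncompressed digest matches:",
          key_digest(unc, canonicalise=False) == key_digest(canonical(unc)))
```

A verifier that hashes the bytes as received, without canonicalising, is the behaviour ENR/EB-09 is written to catch from the other side: the two digests disagree for the same key.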
TPId


TP/SEC/ITS-S/ENR/EB-1 


Summary 


Check that ITS-S discards enrolment response without specified expiration time.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last].unsigned_certificate.expiration
                set to
    }
    then {
        the IUT discards the received message
    }
}



TPId 


TP/SEC/ITS-S/ENR/EB-11


Summary 


Check that ITS-S discards enrolment response which includes PSIDs that are not specified in
upper certificates. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain
                set to array with length > 1
            containing certificate_chain[last-1].unsigned_certificate.scope.permissions.permissions_list
                set to array[1]
                    containing PSID_A
            containing certificate_chain[last].unsigned_certificate.scope.permissions.permissions_list
                set to array[1]
                    containing PSID_B
    }
    then {
        the IUT discards the CertificateResponse
    }
}
TPId


TP/SEC/ITS-S/ENR/EB-12


Summary 


Check that ITS-S discards enrolment response if it has duplicated PSID.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.9 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT having sent an EnrolmentRequest set to MSG_ENRREQ_IUT
        containing unsigned_csr.type_specific_data.sec_data_exch_ca_scope
            containing permissions.permissions_list (V_PERM_LIST)
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing unsigned_certificate.scope.permissions.permissions_list
                set to array[2]
                    containing V_PERM_LIST[0]
                    containing V_PERM_LIST[0]
    }
    then {
        the IUT discards the received message
    }
}



TPId 


TP/SEC/ITS-S/ENR/EB-13-X


Summary 


Check that ITS-S discards enrolment response if the latitude is less than -900 000 000 or 
greater than 900 000 000. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.18 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (EnrolmentResponse) set to MSG_ENRRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing scope.region.circular_region.center.latitude
                    set to X_INVALID_LATITUDE
    }
    then {
        the IUT discards the received message
    }
}


Variants


X | X_INVALID_LATITUDE
A | 900000001
B | -900000001

TPId


TP/SEC/ITS-S/ENR/EB-14-X


Summary 


Check that ITS-S discards enrolment response if the longitude is less than -1 800 000 000 or
greater than 1 800 000 000. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.18 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT awaiting EnrolmentResponse
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse set to MSG_ENRRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing scope.region.circular_region.center.longitude
                    set to X_INVALID_LONGITUDE
    }
    then {
        the IUT discards the received message
    }
}


Variants


X | X_INVALID_LONGITUDE
A | 1800000001
B | -1800000001
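

Added example, not part of the ETSI document: the exceptional-behaviour purposes ENR/EB-01 to EB-04 and EB-11 to EB-14 all describe checks a receiver runs on the certificate chain before accepting an enrolment response. The Python sketch below implements those checks on a simplified model; the dictionary layout, the PSID values, the latitude/longitude unit (1/10 micro-degree), the radius in metres and the great-circle containment test are assumptions, not definitions from IEEE 1609.2.

```python
import math

LAT_LIMIT = 900_000_000      # bound quoted in EB-13-X
LON_LIMIT = 1_800_000_000    # bound quoted in EB-14-X
EARTH_RADIUS_M = 6_371_000   # assumption: mean Earth radius for distance maths


def centre_distance_m(a, b):
    """Great-circle distance in metres between two circular-region centres."""
    lat1, lon1, lat2, lon2 = (math.radians(v / 1e7)
                              for v in (a["lat"], a["lon"], b["lat"], b["lon"]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(min(1.0, h)))


def region_within(sub, issuer):
    """True if the subordinate circle lies wholly inside the issuer circle."""
    if issuer is None:          # issuer is not geographically restricted
        return True
    if sub is None:             # unrestricted subordinate under a restricted issuer
        return False
    return centre_distance_m(sub, issuer) + sub["radius_m"] <= issuer["radius_m"]


def check_certificate(cert):
    """Checks that need only the certificate itself (EB-12, EB-13-X, EB-14-X)."""
    errors = []
    region = cert.get("region")
    if region is not None:
        if not -LAT_LIMIT <= region["lat"] <= LAT_LIMIT:
            errors.append("latitude out of range")
        if not -LON_LIMIT <= region["lon"] <= LON_LIMIT:
            errors.append("longitude out of range")
    if len(set(cert["psids"])) != len(cert["psids"]):
        errors.append("duplicated PSID")
    return errors


def check_issuance(sub, issuer):
    """Checks of a certificate against its issuer (EB-01 to EB-04, EB-11)."""
    errors = []
    if sub["expiration"] > issuer["expiration"]:
        errors.append("expiration later than issuer's")
    if not set(sub["psids"]) <= set(issuer["psids"]):
        errors.append("PSID not permitted by issuer")
    if not region_within(sub.get("region"), issuer.get("region")):
        errors.append("region not within issuer's region")
    return errors


def validate_chain(chain):
    """chain[-1] is the issued certificate, chain[-2] its issuer, and so on.

    Returns a list of reasons to discard the response; empty means accept.
    """
    errors = []
    for cert in chain:
        errors += check_certificate(cert)
    for issuer, sub in zip(chain, chain[1:]):
        errors += check_issuance(sub, issuer)
    return errors


# Constructed sample data (values are illustrative only).
PSID_A, PSID_B = 0x20, 0x21
REGION_SMALL = {"lat": 436_000_000, "lon": 70_000_000, "radius_m": 1000}
CERT_EA = {"expiration": 2_000, "psids": [PSID_A], "region": REGION_SMALL}


def enrolment_cert(**overrides):
    """A valid enrolment certificate under CERT_EA, with optional overrides."""
    cert = {"expiration": 1_000, "psids": [PSID_A],
            "region": dict(REGION_SMALL, radius_m=500)}
    cert.update(overrides)
    return cert


if __name__ == "__main__":
    print(validate_chain([CERT_EA, enrolment_cert()]))
    print(validate_chain([CERT_EA, enrolment_cert(psids=[PSID_B])]))
```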



6.2.1.2 Authorization



6.2.1.2.1 Normal Behavior



TPId 


TP/SEC/ITS-S/AUTH/NB-01 


Summary 


Check that ITS-S generates correctly a generic AuthorizationRequest message. 


Reference 


ETSI TS 102 941 [2], see table 4 


Config Id 


CF03


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send an AuthorizationRequest message
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
    }
}
TPId


TP/SEC/ITS-S/AUTH/NB-02-X 


Summary 


Check that ITS-S generates authorization request with various signature types. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.17 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT is configured to use signature of type X_PKT_SIGNATURE
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send an AuthorizationRequest message
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
            containing signature.ecdsa_signature.R.type
                set to X_PKT_SIGNATURE
    }
}


Variants


X | PIC Selection | X_PKT_SIGNATURE
A | PIC_Generate_CompressedKey | compressed_lsb_y_0/1
B | PIC_Generate_XCoordinateOnlyKey | x_coordinate_only
C | PIC_Generate_UncompressedKey | uncompressed



TPId 


TP/SEC/ITS-S/AUTH/NB-03 


Summary 


Check that ITS-S generates valid authorization request with a certificate containing lifetime field
when cf flag is set use_start_validity and lifetime_is_duration.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF03 


PICS Selection 


PIC_Generate_StartValidity AND PIC_Generate_LifetimeIsDuration


Initial conditions


with {
    the IUT in Enrolled state
    the IUT is configured to use use_start_validity and lifetime_is_duration
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send an AuthorizationRequest message
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
            containing unsigned_csr
                containing cf
                    indicating 'use_start_validity'
                    indicating 'lifetime_is_duration'
                containing lifetime
    }
}
TPId


TP/SEC/ITS-S/AUTH/NB-04 


Summary 


Check that ITS-S generates valid authorization request with a certificate containing start_validity
field when cf flag is set use_start_validity.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF03 


PICS Selection 


PIC_Generate_StartValidity AND NOT PIC_Generate_LifetimeIsDuration


Initial conditions


with {
    the IUT in Enrolled state
    the IUT is configured to use 'use_start_validity' but not 'lifetime_is_duration'
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send an AuthorizationRequest message
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
            containing unsigned_csr
                containing cf
                    indicating 'use_start_validity'
                    not indicating 'lifetime_is_duration'
                containing start_validity
    }
}



TPId 


TP/SEC/ITS-S/AUTH/NB-05 


Summary 


Check that ITS-S generates valid authorization request with a CSR certificate with name of 
length > and <= 32. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.19 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send an AuthorizationRequest message
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
            containing unsigned_csr.type_specific_data.id_scope.name
                set to value of length > and <= 32 or of length zero (see Note)
    }
}


NOTE: Value of length is encoded as '00'. 






TPId 


TP/SEC/ITS-S/AUTH/NB-06 


Summary 


Check that ITS-S generates valid authorization request with a certificate containing more than 8 
entries in the permissions list field. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.9 


Config Id 


CF03 


PICS Selection 


PIC_Generate_PsidArrayWithMoreThan8Entries


Initial conditions


with {
    the IUT in Enrolled state
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send an AuthorizationRequest message with more than 8 PSID entries
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
            containing unsigned_csr.type_specific_data.id_scope.permissions.permissions_list
                set to array with length > 8
    }
}



TPId 


TP/SEC/ITS-S/AUTH/NB-07-X 


Summary 


Check that ITS-S generates valid authorization request with a certificate containing 1 to 8 
entries in the permissions list field. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.23 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send an AuthorizationRequest message with X_N PSID items
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
            containing unsigned_csr.type_specific_data.id_scope.permissions.permissions_list
                set to array with length X_N
    }
}


Variants


X | X_N
A | 1
B | 4
C | 8

TPId


TP/SEC/ITS-S/AUTH/NB-08 


Summary 


Check that ITS-S generates valid authorization request with a valid hash. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.1 


Config Id 


CF03 


PICS Selection 


PIC_Generate_UncompressedKey


Initial conditions


with {
    the IUT in Enrolled state
    the IUT has obtained an Enrolment Certificate (CERT_ENR_TS)
        containing unsigned_certificate.verification_key.public_key.type (V_PKT_VK_ENR)
            set to 'uncompressed'
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send an AuthorizationRequest message
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
            containing signer
                containing certificate or certificates[last]
                    containing unsigned_certificate.signer_id
                        calculated using compressed representation of V_PKT_VK_ENR
    }
}



TPId 


TP/SEC/ITS-S/AUTH/NB-09 


Summary 


Check that ITS-S generates valid authorization request with a valid signature. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.33 


Config Id 


CF03 


PICS Selection 


PIC_Generate_UncompressedKey


Initial conditions


with {
    the IUT in Enrolled state
    the IUT is configured to send requests with uncompressed verification_key
    the IUT is configured to send requests with uncompressed response_encryption_key
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send an AuthorizationRequest message
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
            containing unsigned_csr.verification_key.public_key.type (V_PKT_VK)
                set to 'uncompressed'
            containing unsigned_csr.response_encryption_key.public_key.type (V_PKT_REK)
                set to 'uncompressed'
            containing signature.ecdsa_signature
                calculated using compressed representation of V_PKT_VK and V_PKT_REK
    }
}
TPId


TP/SEC/ITS-S/AUTH/NB-1 


Summary 


Check that ITS-S generates valid authorization request with a different
response_encryption_key for every request.


Reference 


[1], clause 6.3.34 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
}


Expected behaviour


ensure that {
    when {
        each time the IUT is requested to send an AuthorizationRequest message
    }
    then {
        the IUT sends a valid CertificateRequest set to MSG_AUTHREQ_IUT
            containing unsigned_csr.response_encryption_key
                set to value <> from the previous ones
    }
}



TPId 


TP/SEC/ITS-S/AUTH/NB-11


Summary 


Check that the ITS-S accepts a valid authorization response having correct fields and values. 


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, table 14


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
    }
    then {
        the IUT accepts the CertificateResponse
    }
}






TPId 


TP/SEC/ITS-S/AUTH/NB-12


Summary 


Check that the ITS-S accepts a valid authorization response having correct fields and values. 


Reference 


IEEE P1609.2/D12 [1], clause 5.6.2.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid CertificateRequest set to MSG_AUTHREQ_IUT
        containing unsigned_csr.type_specific_data.permission.permissions_list
            set to array
                containing PSID_A
                containing PSID_B
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateResponse set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate.type_specific_data.ANY_SCOPE
                containing permissions.permissions_list
                    set to array
                        not containing PSID_A
    }
    then {
        the IUT accepts the CertificateResponse
    }
}



TPId 


TP/SEC/ITS-S/AUTH/NB-13-X


Summary 


Check that the ITS-S accepts a valid authorization response signed by ecdsa_signature with 
different public key types. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.17 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
            containing certificate_chain[last].signature.ecdsa_signature.R
                containing type set to X_PKT_SIGNATURE
    }
    then {
        the IUT accepts the CertificateResponse
    }
}


Variants


X | PIC Selection | X_PKT_SIGNATURE
A | PIC_Verify_CompressedKey | compressed_lsb_y_0/1
B | PIC_Verify_XCoordinateOnlyKey | x_coordinate_only
C | PIC_Verify_UncompressedKey | uncompressed

TPId


TP/SEC/ITS-S/AUTH/NB-14


Summary 


Check that the ITS-S accepts a valid authorization response with start validity. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF03 


PICS Selection 


PIC_Verify_StartValidity AND PIC_Verify_LifetimeIsDuration


Initial conditions


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateResponse set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing cf
                    indicating 'use_start_validity'
                    not indicating 'lifetime_is_duration'
                containing start_validity
                not containing lifetime
    }
    then {
        the IUT accepts the CertificateResponse
    }
}



6.2.1.2.2 Exceptional Behavior



TPId 


TP/SEC/ITS-S/AUTH/EB-01-X


Summary 


Check that the ITS-S discards an authorization response having a non-permitted subject type. 


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate.subject_type
                set to X_INVALID_SUBJECT_TYPE
    }
    then {
        the IUT discards the CertificateResponse
    }
}


Variants


X | X_INVALID_SUBJECT_TYPE
A | sec_data_exch_identified_not_localized (1)
B | sec_data_exch_csr (3)
C | wsa (4)
D | wsa_csr (5)
E | sec_data_exch_ca (6)
F | wsa_ca (7)
H | crl_signer (8)
I | root_ca (255)
G | ANY_OTHER (128)

TPId


TP/SEC/ITS-S/AUTH/EB-02-X 


Summary 


Check that the ITS-S discards an authorization response having a non-permitted cf. 


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate.cf
                indicating X_INVALID_CONTENT_FLAGS
    }
    then {
        the IUT discards the CertificateResponse
    }
}


Variants


X | X_INVALID_SUBJECT_TYPE | PIC Selection
A | use_start_validity (0) | NOT PIC_Verify_StartValidity
B | encryption_key (2) |
  | any value (3) |




TPId 


TP/SEC/ITS-S/AUTH/EB-03-X 


Summary 


Check that the ITS-S discards an authorization response having a non-permitted 
PsidArray.type. 


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate.type_specific_data.ANY_SCOPE.permissions.type
                set to X_INVALID_PERM_TYPE
    }
    then {
        the IUT discards the CertificateResponse
    }
}


Variants


X | X_INVALID_PERM_TYPE
A | from_issuer (0)
B | Any value (3)
C | Any value (255)






TPId 


TP/SEC/ITS-S/AUTH/EB-04 


Summary 


Check that the ITS-S discards an authorization response requesting acknowledgement. 


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
            containing f
                indicating 'Requested'
    }
    then {
        the IUT discards the CertificateResponse
    }
}



TPId 


TP/SEC/ITS-S/AUTH/EB-05 


Summary 


Check that the ITS-S discards an authorization response that does not comply with the 
authorization request. 


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
            containing fields that do not comply with the authorization request
    }
    then {
        the IUT discards the CertificateResponse
    }
}
TPId


TP/SEC/ITS-S/AUTH/EB-06 


Summary 


Check that the ITS-S discards an authorization response error with incorrect
signerIdentifier type.


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequestError set to MSG_AUTHERR_TS
            containing signer.type
                set to 'self'
    }
    then {
        the IUT discards the CertificateRequestError
    }
}



TPId 


TP/SEC/ITS-S/AUTH/EB-07-X 


Summary 


Check that the ITS-S discards an authorization response error having a non-permitted 
subject type. 


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequestError set to MSG_AUTHERR_TS
            containing signer.certificates[last].unsigned_certificate.subject_type
                set to X_INVALID_SUBJECT_TYPE
    }
    then {
        the IUT discards the CertificateRequestError
    }
}


Variants


X | X_INVALID_SUBJECT_TYPE
A | sec_data_exch_identified_not_localized (1)
B | sec_data_exch_csr (3)
C | wsa (4)
D | wsa_csr (5)
E | sec_data_exch_ca (6)
F | wsa_ca (7)
H | crl_signer (8)
I | root_ca (255)
G | ANY_OTHER (128)

TPId


TP/SEC/ITS-S/AUTH/EB-08 


Summary 


Check that the ITS-S discards an authorization response having the subordinate certificate's 
validity region not wholly contained in the issuing certificate's validity region. 


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse set to MSG_AUTHRSP_TS
            containing certificate_chain[n].scope.region
                set to REGION_SMALL
            containing certificate_chain[n+1].scope.region
                set to REGION_INTERSECTING
    }
    then {
        the IUT discards the CertificateResponse
    }
}



TPId 


TP/SEC/ITS-S/AUTH/EB-09 


Summary 


Check that the ITS-S discards an authorization response error having the subordinate 
certificate's validity region not wholly contained in the issuing certificate's validity region. 


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequestError set to MSG_AUTHERR_TS
            containing signer
                containing certificates[n].scope.region
                    set to REGION_SMALL
                containing certificates[n+1].scope.region
                    set to REGION_INTERSECTING
    }
    then {
        the IUT discards the CertificateRequestError
    }
}



TPId


TP/SEC/ITS-S/AUTH/EB-10


Summary 


Check that the ITS-S discards an authorization response having the subordinate certificate's
validity region not within the issuing certificate's validity region.


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse set to MSG_AUTHRSP_TS
            containing certificate_chain[n].scope.region
                set to REGION_SMALL
            containing certificate_chain[n+1].scope.region
                set to REGION_OUTSIDE
    }
    then {
        the IUT discards the CertificateResponse
    }
}



TPId 


TP/SEC/ITS-S/AUTH/EB-11


Summary


Check that the ITS-S discards an authorization response error having the subordinate
certificate's validity region not within the issuing certificate's validity region.


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequestError set to MSG_AUTHERR_TS
            containing signer
                containing certificates[n].scope.region
                    set to REGION_SMALL
                containing certificates[n+1].scope.region
                    set to REGION_OUTSIDE
    }
    then {
        the IUT discards the CertificateRequestError
    }
}



TPId


TP/SEC/ITS-S/AUTH/EB-12


Summary 


Check that the ITS-S discards an authorization response in which the subordinate certificate
operational permissions are not a subset of the issuing certificate operational permissions.


Reference 


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse set to MSG_AUTHRSP_TS
            containing certificate_chain[n].scope.permissions
                not indicating PSID_A
            containing certificate_chain[n+1].scope.permissions
                indicating PSID_A
    }
    then {
        the IUT discards the CertificateResponse
    }
}



TPId 


TP/SEC/ITS-S/AUTH/EB-13


Summary


Check that the ITS-S discards an authorization response error in which the subordinate certificate
operational permissions are not a subset of the issuing certificate operational permissions.


Reference


ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 5.6.1.2


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequestError set to MSG_AUTHERR_TS
            containing signer
                containing certificates[n].scope.permissions
                    not indicating PSID_A
                containing certificates[n+1].scope.permissions
                    indicating PSID_A
    }
    then {
        the IUT discards the CertificateRequestError
    }
}



TPId


TP/SEC/ITS-S/AUTH/EB-14-X


Summary 


Check that the ITS-S discards an authorization response encapsulated into 1609Dot2Data with
protocol version not equal to 2.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.1 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data structure
            containing protocol_version
                set to X_INVALID_VERSION_NUMBER
            containing type
                set to 'encrypted'
            containing encrypted_data.ciphertext
                containing type
                    set to 'certificate_response'
                containing request
                    set to MSG_AUTHRSP_TS
    }
    then {
        the IUT discards the CertificateResponse
    }
}


Variants

X    X_INVALID_VERSION_NUMBER
A
B    1
C    3
D    255



TPId


TP/SEC/ITS-S/AUTH/EB-15-X


Summary 


Check that the ITS-S discards an authorization request error encapsulated into 1609Dot2Data
with protocol version not equal to 2.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.1 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data structure
            containing protocol_version
                set to X_INVALID_VERSION_NUMBER
            containing type
                set to 'encrypted'
            containing encrypted_data.ciphertext
                containing type
                    set to 'certificate_request_error'
                containing request
                    set to MSG_AUTHERR_TS
    }
    then {
        the IUT discards the CertificateResponse
    }
}


Variants

X    X_INVALID_VERSION_NUMBER
A
B    1
C    3
D    255



TPId


TP/SEC/ITS-S/AUTH/EB-16


Summary 


Check that the ITS-S discards an authorization response with zero value in all expiration fields. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing expiration
                    set to 0
    }
    then {
        the IUT discards the CertificateResponse
    }
}



TPId


TP/SEC/ITS-S/AUTH/EB-17


Summary 


Check that the ITS-S discards an authorization response with duplicate PSIDs. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.9 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing type_specific_data.ANY_SCOPE.permissions.permissions_list
                    set to array[2]
                        containing PSID_A
                        containing PSID_A
    }
    then {
        the IUT discards the CertificateResponse
    }
}



TPId


TP/SEC/ITS-S/AUTH/EB-18-X


Summary 


Check that the ITS-S discards an authorization response with wrongly encoded latitude field. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.18 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing scope.region.circular_region.center.latitude
                    set to X_INVALID_LATITUDE
    }
    then {
        the IUT discards the CertificateResponse
    }
}


Variants

X    X_INVALID_LATITUDE
A    900000001
B    -900000001



TPId


TP/SEC/ITS-S/AUTH/EB-19-X


Summary 


Check that the ITS-S discards an authorization response with wrongly encoded longitude field. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.18 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing scope.region.circular_region.center.longitude
                    set to X_INVALID_LONGITUDE
    }
    then {
        the IUT discards the CertificateResponse
    }
}


Variants

X    X_INVALID_LONGITUDE
A    1800000001
B    -1800000001



TPId 


TP/SEC/ITS-S/AUTH/EB-20 


Summary 


Check that the ITS-S discards an authorization response with an empty PsidSspArray. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.23 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse (AuthorizationResponse) set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing ANY_SCOPE.permissions.permissions_list
                    set to array of length 0
    }
    then {
        the IUT discards the CertificateResponse
    }
}






TPId 


TP/SEC/ITS-S/AUTH/EB-21 


Summary 


Check that the ITS-S discards an authorization response with a certificate having a too long 
service specific permission field. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.24 


Config Id 


CF03 


PICS Selection 




Initial conditions 


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateResponse set to MSG_AUTHRSP_TS
            containing certificate_chain[last].unsigned_certificate
                containing type_specific_data.ANY_SCOPE.permissions.permissions_list
                    set to array[1]
                        containing a PsidSpp (V_PSIDSSPP_A)
                            containing service_specific_permission
                                longer than 31 octets
                        containing a service_specific_permission
                            having a length > 32 octets
    }
    then {
        the IUT discards the CertificateResponse
    }
}
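The receiver-side checks that test purposes TP/SEC/ITS-S/AUTH/EB-08 to EB-21 exercise can be sketched as one validator. This is an added example, not code from ETSI or IEEE; the dict layout, the circular-only region model, the units (1/10 microdegree, metres), the issuer-first chain order and all sample values are assumptions.

```python
"""Added example: discard checks behind AUTH/EB-08..EB-21 (illustrative model).

Assumptions, not taken from the specification text: certificates are plain
dicts, only circular regions are modelled, latitude/longitude are in
1/10 microdegree, radius is in metres, and chain[n] is the issuer of chain[n+1].
"""
import math

PROTOCOL_VERSION = 2        # EB-14/EB-15: any other value is discarded
MAX_LAT = 900_000_000       # EB-18: 900000001 and -900000001 are invalid
MAX_LON = 1_800_000_000     # EB-19: 1800000001 and -1800000001 are invalid
MAX_SSP_OCTETS = 31         # EB-21: "longer than 31 octets" is invalid
EARTH_RADIUS_M = 6_371_000.0


def distance_m(a, b):
    """Great-circle distance in metres between two region centres (haversine)."""
    lat1, lon1, lat2, lon2 = (
        math.radians(v / 1e7)
        for v in (a["latitude"], a["longitude"], b["latitude"], b["longitude"]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(min(1.0, h)))


def region_within(sub, issuer):
    """True when circle `sub` lies wholly inside circle `issuer`."""
    return distance_m(sub["center"], issuer["center"]) + sub["radius"] <= issuer["radius"]


def field_errors(cert):
    """Per-certificate encoding checks (EB-16 to EB-21)."""
    errors = []
    if cert["expiration"] == 0:
        errors.append("expiration is zero")
    center = cert["region"]["center"]
    if abs(center["latitude"]) > MAX_LAT:
        errors.append("latitude out of range")
    if abs(center["longitude"]) > MAX_LON:
        errors.append("longitude out of range")
    perms = cert["permissions"]                 # list of (psid, ssp_bytes)
    if not perms:
        errors.append("empty permissions list")
    psids = [psid for psid, _ in perms]
    if len(psids) != len(set(psids)):
        errors.append("duplicate PSID")
    if any(len(ssp) > MAX_SSP_OCTETS for _, ssp in perms):
        errors.append("SSP too long")
    return errors


def chain_errors(chain):
    """Issuer/subordinate consistency checks (EB-08 to EB-13)."""
    errors = []
    for n in range(len(chain) - 1):
        issuer, sub = chain[n], chain[n + 1]
        if not region_within(sub["region"], issuer["region"]):
            errors.append(f"cert {n + 1}: region not within issuer region")
        extra = ({p for p, _ in sub["permissions"]}
                 - {p for p, _ in issuer["permissions"]})
        if extra:
            errors.append(f"cert {n + 1}: permissions not a subset of issuer")
    return errors


def accept_response(protocol_version, chain):
    """Return (accepted, reasons); any reason means the response is discarded."""
    reasons = []
    if protocol_version != PROTOCOL_VERSION:
        reasons.append("protocol version is not 2")
    for cert in chain:
        reasons += field_errors(cert)
    reasons += chain_errors(chain)
    return (not reasons, reasons)


def make_cert(lat, lon, radius, perms, expiration=1_000_000):
    """Build a constructed sample certificate (helper for this example only)."""
    return {"expiration": expiration, "permissions": perms,
            "region": {"center": {"latitude": lat, "longitude": lon},
                       "radius": radius}}


# Constructed sample data: a 5 km issuer region and three subordinate regions.
PSID_A, PSID_B = 0x20, 0x21
CA = make_cert(436_000_000, 70_000_000, 5_000, [(PSID_A, b""), (PSID_B, b"")])
INSIDE = make_cert(436_000_000, 70_100_000, 1_000, [(PSID_A, b"\x01")])
INTERSECTING = make_cert(436_000_000, 70_500_000, 2_000, [(PSID_A, b"\x01")])
OUTSIDE = make_cert(446_000_000, 70_000_000, 1_000, [(PSID_A, b"\x01")])

if __name__ == "__main__":
    for name, cert in (("inside", INSIDE), ("intersecting", INTERSECTING),
                       ("outside", OUTSIDE)):
        print(name, accept_response(2, [CA, cert]))
```

The 31-octet limit follows the first of the two length statements in TP/SEC/ITS-S/AUTH/EB-21; the test purpose also mentions "> 32 octets".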



TPId 


TP/SEC/ITS-S/AUTH/EB-22 


Summary 


Check that the ITS-S discards an authorization request error having a wrongly calculated
request hash.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.1 


Config Id 


CF03 


PICS Selection 


PIC_Verify_UncompressedKey


Initial conditions


with {
    the IUT in Enrolled state
    the IUT has sent a valid AuthorizationRequest set to MSG_AUTHREQ_IUT
        containing unsigned_csr.verification_key.public_key.type (V_PKT_VK)
            set to 'uncompressed'
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequestError set to MSG_AUTHERR_TS
            containing request_hash
                calculated using uncompressed representation of V_PKT_VK
    }
    then {
        the IUT discards the CertificateRequestError
    }
}



6.2.1.3 Sending Data



TPId 


TP/SEC/ITS-S/S-DATA/NB-01 


Summary 


Check that ITS-S sends a correctly signed message with payload.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.7 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload


Initial conditions


with {
    the IUT in Authorized state
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
    }
}



TPId 


TP/SEC/ITS-S/S-DATA/NB-02 


Summary 


Check that ITS-S sends correctly signed message with partial payload. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.7 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPartialPayload


Initial conditions


with {
    the IUT in Authorized state
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message with partial data
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing type
                set to 'signed_partial_payload'
            containing signed_data.unsigned_data
                containing data
    }
}



TPId


TP/SEC/ITS-S/S-DATA/NB-03 


Summary 


Check that ITS-S sends correctly signed message with external payload. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.7 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignExternalPayload


Initial conditions


with {
    the IUT in Authorized state
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message with external data
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing type
                set to 'signed_external_payload'
            containing signed_data.unsigned_data
                not containing data
    }
}



TPId 


TP/SEC/ITS-S/S-DATA/NB-04 


Summary 


Check that ITS-S correctly generates a signed message containing the generation time.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.7 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_GenerationTime


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to include generation time when signing a message
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data.unsigned_data
                containing tf
                    indicating 'use_generation_time'
                containing generation_time
    }
}



TPId


TP/SEC/ITS-S/S-DATA/NB-05 


Summary 


Check that ITS-S correctly generates multiple signed messages containing the generation
time.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.7 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_GenerationTime


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to include generation time when signing a message and
    the IUT has previously sent a signed message (V_MSG_0)
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a new signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data.unsigned_data
                containing tf
                    indicating 'use_generation_time'
                containing generation_time
                    set to a value > V_MSG_0.signed_data.unsigned_data.generation_time and < CLT
    }
}



TPId 


TP/SEC/ITS-S/S-DATA/NB-06 


Summary 


Check that ITS-S correctly generates a ToBeSignedData containing the expiry time.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.7 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_ExpirationTime


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to include expiry time when signing a message
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data.unsigned_data
                containing tf
                    indicating 'expires'
                containing expiry_time
    }
}



TPId


TP/SEC/ITS-S/S-DATA/NB-07 


Summary 


Check that ITS-S correctly generates a ToBeSignedData containing the generation location.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.7 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_GenerationLocation


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to include generation location when signing a message
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data.unsigned_data
                containing tf
                    indicating 'use_location'
                containing generation_location
    }
}



TPId 


TP/SEC/ITS-S/S-DATA/NB-08 


Summary 


Check that the ITS-S can generate valid signed data with ecdsa_nistp256_with_sha256.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.15 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_Ecdsa256


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to use 'ecdsa_nistp256_with_sha256' as PKAlgorithm when signing a message
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data
                containing signer
                    containing type
                        set to 'certificate_digest_with_ecdsap256'
                    containing digest
                containing signature.algorithm
                    set to 'ecdsa ecdsa_nistp256_with_sha256'
    }
}



TPId


TP/SEC/ITS-S/S-DATA/NB-09 


Summary 


Check that the ITS-S can generate valid signed data with ecdsa_nistp224_with_sha224.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.15 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_Ecdsa224


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to use 'ecdsa_nistp224_with_sha224' as PKAlgorithm when signing a message
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data
                containing signer
                    containing type
                        set to 'certificate_digest_with_ecdsap224'
                    containing digest
                containing signature
                    containing algorithm
                        set to 'ecdsa ecdsa_nistp224_with_sha224'
    }
}



TPId 


TP/SEC/ITS-S/S-DATA/NB-10-X


Summary 


Check that ITS-S generates signed data with signature with different public key types. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.15 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload


Initial conditions


with {
    the IUT in Authorized state
    the IUT is configured to sign messages using signatures with public key type of form X_PKT_SIGNATURE
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data
                containing signature.ecdsa_signature.R.type
                    set to X_PKT_SIGNATURE
    }
}


Variants

X    PIC Selection                            X_PKT_SIGNATURE
A    PIC_Generate_CompressedKeyPublicKey      compressed_lsb_y_0 or compressed_lsb_y_1
B    PIC_Generate_XCoordinateOnlyPublicKey    x_coordinate_only
C    PIC_Generate_UncompressedKeyPublicKey    uncompressed



TPId


TP/SEC/ITS-S/S-DATA/NB-11


Summary 


Check that ITS-S generates valid signed data with a certificate containing the lifetime field when
the cf flag is set to lifetime_is_duration.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_StartValidity AND 
PIC_Generate_LifetimeIsDuration


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to put the certificate in each signed message
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data.signer
                containing type
                    set to 'certificate'
                containing certificate.unsigned_certificate
                    containing cf
                        indicating 'lifetime_is_duration'
                    containing lifetime
    }
}



TPId 


TP/SEC/ITS-S/S-DATA/NB-12


Summary 


Check that ITS-S generates valid signed data with a certificate containing start validity field. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_StartValidity AND NOT 
PIC_Generate_LifetimeIsDuration


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to put the certificate in each signed message
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data.signer
                containing type
                    set to 'certificate'
                containing certificate.unsigned_certificate
                    containing cf
                        indicating 'use_start_validity'
                    containing start_validity
    }
}



TPId


TP/SEC/ITS-S/S-DATA/NB-13


Summary 


Check that ITS-S generates valid signed data with a certificate containing encryption key field. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_EncryptionKey


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to put the certificate in each signed message
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data.signer
                containing type
                    set to 'certificate'
                containing certificate.unsigned_certificate
                    containing cf
                        indicating 'encryption_key'
                    containing encryption_key
    }
}



TPId


TP/SEC/ITS-S/S-DATA/NB-14


Summary 


Check that ITS-S generates valid signed data with a certificate containing more than 8 entries in 
the permissions list field. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.9 


Config Id 


CF04 


PICS Selection 


PIC_Generate_SignPayload AND PIC_Generate_PsidArrayWithMoreThan8Entries


Initial conditions


with {
    the IUT in Authorized state and
    the IUT is configured to put the certificate in each signed message
    the CERT_AUTH_TS.scope.permissions.permissions_list contains 9 PSID items
}


Expected behaviour


ensure that {
    when {
        the IUT is requested to send a signed message
    }
    then {
        the IUT sends a valid 1609Dot2Data set to MSG_SIGNED_IUT
            containing signed_data.signer
                containing type
                    set to 'certificate'
                containing certificate.unsigned_certificate.scope.permissions.permissions_list
                    containing 9 entries
    }
}



6.2.1.4 Receiving Data

6.2.1.4.1 Normal Behavior

6.2.1.4.1.1 Signature verification



TPId 


TP/SEC/ITS-S/R-DATA/NB-01-X


Summary 


Check that ITS-S accepts valid signed data from another ITS-S when the Signer Identifier is a 
Certificate Digest and the signature contains public key with various types. 


Reference 


ETSI TS 102 867 [3], clause 5.1.4 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data
                containing signer.digest
                    set to certificate_digest_with_ecdsa_p256 of CERT_AUTH_TS
                containing a valid signature
                    containing ecdsa_signature.R.type
                        set to X_PKT_SIGNATURE
    }
    then {
        the IUT accepts the message
    }
}


Variants

X    PIC Selection                          X_PKT_SIGNATURE
A    PIC_Verify_CompressedKeyPublicKey      compressed_lsb_y_0 or compressed_lsb_y_1
B    PIC_Verify_XCoordinateOnlyPublicKey    x_coordinate_only
C    PIC_Verify_UncompressedPublicKey       uncompressed



TPId


TP/SEC/ITS-S/R-DATA/NB-02-X 


Summary 


Check that ITS-S accepts valid signed data from another ITS-S when the Signer Identifier is a 
Certificate Chain and the signature contains public key with various types. 


Reference 


ETSI TS 102 867 [3], clause 5.1.4


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data
                containing signer
                    containing type set to 'certificate_chain'
                    containing certificates
                containing a valid signature
                    containing ecdsa_signature.R.type
                        set to X_PKT_SIGNATURE
    }
    then {
        the IUT accepts the message
    }
}


Variants

X    PIC Selection                           X_PKT_SIGNATURE
A    PIC_Verify_CompressedKeyPublicKey       compressed_lsb_y_0 or compressed_lsb_y_1
B    PIC_Verify_XCoordinateOnlyPublicKey     x_coordinate_only
C    PIC_Verify_UncompressedKeyPublicKey     uncompressed



6.2.1.4.1.2 Signer verification



TPId 


TP/SEC/ITS-S/R-DATA/NB-03 


Summary 


Check that ITS-S accepts valid signed data from another ITS-S when the Signer Identifier is a 
Certificate with a lifetime set to duration. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Configuration 


CF04 


PICS Selection 


PIC_Verify_StartValidity AND PIC_Verify_LifetimeIsDuration


Initial conditions


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate'
                containing certificate.unsigned_certificate
                    containing cf
                        indicating 'use_start_validity'
                        indicating 'lifetime_is_duration'
    }
    then {
        the IUT accepts the message
    }
}



TPId


TP/SEC/ITS-S/R-DATA/NB-04 


Summary 


Check that ITS-S accepts valid signed data from another ITS-S when the Signer Identifier is a 
Certificate without a lifetime set to duration. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Configuration 


CF04 


PICS Selection 


PIC_Verify_StartValidity AND PIC_Verify_StartValidityIsATimestamp


Initial conditions


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate'
                containing certificate.unsigned_certificate
                    containing cf
                        indicating 'use_start_validity'
                        not indicating 'lifetime_is_duration'
    }
    then {
        the IUT accepts the message
    }
}



TPId 


TP/SEC/ITS-S/R-DATA/NB-05-X 


Summary 


Check that ITS-S accepts valid signed data from another ITS-S when the Signer Identifier is a 
Certificate containing list size PSIDs. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.23 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate'
                containing certificate.unsigned_certificate
                    containing a subject_type
                        set to 'sec_data_exch_ca'
                    containing scope.permissions.permissions_list
                        containing X_LIST_SIZE PSID items
    }
    then {
        the IUT accepts the message
    }
}


Variants

X    X_LIST_SIZE    PIC Selection
A
B    1
C    4
D    8
E    9              PIC_Verify_PsidArrayWithMoreThan8Entries



TPId


TP/SEC/ITS-S/R-DATA/NB-06 


Summary 


Check that ITS-S accepts valid signed data from another ITS-S when signed with a certificate 
containing an IdentifiedNotLocalizedScope and a zero-length subject name field. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.22 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate'
                containing certificate.unsigned_certificate
                    containing a subject_type
                        set to 'sec_data_exch_identified_not_localized'
                    containing id_not_loc_scope.subject_name
                        set to an empty string
    }
    then {
        the IUT accepts the message
    }
}



TPId 


TP/SEC/ITS-S/R-DATA/NB-07 


Summary 


Check that ITS-S accepts valid signed data from another ITS-S when signed with a certificate
containing an IdentifiedNotLocalizedScope and a non-zero-length subject name field.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.22 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate'
                containing certificate.unsigned_certificate
                    containing subject_type
                        indicating 'sec_data_exch_identified_not_localized'
                    containing id_not_loc_scope.subject_name
                        set to non empty string
    }
    then {
        the IUT accepts the message
    }
}






6.2.1.4.2 Exceptional behavior 

6.2.1.4.2.1 Generic message verification



TPId 


TP/SEC/ITS-S/R-DATA/EB-01-X


Summary 


Check that ITS-S discards a 1609.2 secured message if the protocol version is invalid. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.1 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing protocol_version
                set to X_INVALID_VERSION_NUMBER
    }
    then {
        the IUT discards the message
    }
}


Variants

#    X_INVALID_VERSION_NUMBER
A
B    1
C    3
D    255



TPId


TP/SEC/ITS-S/R-DATA/EB-02-X 


Summary 


Check that ITS-S discards a 1609.2 secured message if the content type is not supported.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.1 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing type
                set to X_INVALID_CONTENT_TYPE
    }
    then {
        the IUT discards the message
    }
}


Variants

X    X_INVALID_CONTENT_TYPE
A    unsecured (0)
B    encrypted (2)
C    certificate_request (3)
D    certificate_response (4)
E    anonymous_certificate_response (5)
F    certificate_request_error (6)
G    crl_request (7)
H    crl (8)
I    signed_wsa (11)
J    certificate_response_acknowledgment (12)
K    ANY_VALUE (128)



6.2.1.4.2.2 Data fields verification



TPId 


TP/SEC/ITS-S/R-DATA/EB-03 


Summary 


Check that ITS-S discards valid signed data from another ITS-S when the expiry time of the 
received data is before the current time. 


Reference 


ETSI TS 102 867 [3], clause 5.1.11


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.unsigned_data
                containing tf
                    indicating 'expires'
                containing expiry_time
                    set to value < CLT
    }
    then {
        the IUT discards the message
    }
}



TPId


TP/SEC/ITS-S/R-DATA/EB-04 


Summary 


Check that ITS-S discards valid signed data which expires before generation time.


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.2.1 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data
                containing generation time
                    set to V_GEN_TIME
                containing expiry time
                    set to V_GEN_TIME - 1min
    }
    then {
        the IUT discards the message
    }
}



TPId 


TP/SEC/ITS-S/R-DATA/EB-05 


Summary 


Check that ITS-S discards valid signed data generated earlier than the validity period of the
signing certificate.


Reference 


IEEE P1609.2/D12 [1], 5.5.3.2.1


Configuration 


CF04


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data
                containing generation time
                    set to V_GEN_TIME
                containing signer
                    containing type
                        set to 'certificate_chain'
                    containing certificates[last].unsigned_certificate
                        containing a start validity
                            set to V_GEN_TIME + 1min (V_START_VALIDITY_TIME)
                        containing an expiration
                            set to V_START_VALIDITY_TIME + 1Y
    }
    then {
        the IUT discards the message
    }
}



TPId


TP/SEC/ITS-S/R-DATA/EB-06 


Summary 


Check that ITS-S discards valid signed data generated later than the validity period of the
signing certificate.


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.2.1 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data
                containing generation time
                    set to V_GEN_TIME
                containing signer
                    containing type
                        set to 'certificate_chain'
                    containing certificates[last].unsigned_certificate
                        containing an expiration
                            set to V_GEN_TIME - 1min
    }
    then {
        the IUT discards the message
    }
}



TPId 


TP/SEC/ITS-S/R-DATA/EB-07 


Summary 


Check that ITS-S discards valid signed data which expires earlier than the validity period of the
signing certificate.


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.2.1 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data
                containing expiry time
                    set to V_EXP_TIME
                containing signer
                    containing type
                        set to 'certificate_chain'
                    containing certificates[last].unsigned_certificate
                        containing a start validity
                            set to V_EXP_TIME + 1min (V_START_VALIDITY_TIME)
                        containing an expiration
                            set to V_START_VALIDITY_TIME + 1Y
    }
    then {
        the IUT discards the message
    }
}



TPId


TP/SEC/ITS-S/R-DATA/EB-08 


Summary 


Check that ITS-S discards valid signed data which expires later than the validity period of the
signing certificate.


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.2.1 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data
                containing expiry time
                    set to V_EXP_TIME
                containing signer
                    containing type
                        set to 'certificate_chain'
                    containing certificates[last].unsigned_certificate
                        containing an expiration
                            set to V_EXP_TIME - 1min
    }
    then {
        the IUT discards the message
    }
}



TPId 


TP/SEC/ITS-S/R-DATA/EB-09 


Summary 


Check that ITS-S discards valid signed data from another ITS-S when the generation location of 
the received data is beyond the range considered valid by the IUT.


Reference 


ETSI TS 102 867 [3], clause 5.1.11


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.unsigned_data
                containing tf
                    indicating 'use_location'
                containing generation_location
                    containing latitude
                        set to PARIS_LAT
                    containing longitude
                        set to PARIS_LON
    }
    then {
        the IUT discards the message
    }
}



TPId


TP/SEC/ITS-S/R-DATA/EB-10


Summary 


Check that ITS-S discards valid signed data when the generated location is outside the validity 
region of the signer's certificate. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.2.1 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data
                containing signer
                    containing type set to 'certificate'
                    containing certificate.unsigned_certificate.scope.region
                        set to REGION_SMALL
                containing unsigned_data.generation_location
                    containing latitude
                        set to PARIS_LAT
                    containing longitude
                        set to PARIS_LON
    }
    then {
        the IUT discards the message
    }
}



6.2.1.4.2.3 Signature verification



TPId 


TP/SEC/ITS-S/R-DATA/EB-11


Summary 


Check that ITS-S discards data with a cryptographically invalid signature. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.3 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data
                containing signature.ecdsa_signature
                    set to the invalid signature value
    }
    then {
        the IUT discards the message
    }
}



6.2.1.4.2.4 Signer verification



TPId 


TP/SEC/ITS-S/R-DATA/EB-12-X 


Summary 


Check that ITS-S discards a signed 1609.2 message if the signer type is not set to a 
permitted value. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.1


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type
                    set to X_INVALID_SIGNER_TYPE
    }
    then {
        the IUT discards the message
    }
}


Variants


X | X_INVALID_VERSION_NUMBER | Comments
A | 'self' (0) | Self-signed certificates are not allowed
B | 6 | Invalid value
C | 255 | Invalid value



TPId 


TP/SEC/ITS-S/R-DATA/EB-13


Summary 


Check that ITS-S discards received data signed with a revoked certificate. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.2.1 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type
                    set to 'certificate'
                containing certificate
                    set to revoked Certificate
    }
    then {
        the IUT discards the message
    }
}



TPId


TP/SEC/ITS-S/R-DATA/EB-14-X


Summary 


Check that ITS-S discards valid signed data when the signer is a certificate chain in which the
region of validity of a subordinate certificate overlaps but is not wholly contained by the region of 
validity of its issuing certificate. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.2.3 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate_chain'
                containing certificates[n].scope.region
                    set to REGION_SMALL
                containing certificates[n+1].scope.region
                    set to X_REGION
    }
    then {
        the IUT discards the message
    }
}


Variants


X | X_REGION
A | REGION_INTERSECTING
B | REGION_OUTSIDE
C | REGION_MEDIUM



TPId


TP/SEC/ITS-S/R-DATA/EB-15-X


Summary 


Check that ITS-S discards valid signed data when the signer is a certificate chain in which the 
validity period of a subordinate certificate is outside that of its issuing certificate. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.2.3 


Configuration 


CF04 


PICS Selection 


PIC_Verify_StartValidity AND PIC_Verify_StartValidityIsATimestamp


Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate_chain'
                containing certificates[last-1].unsigned_certificate
                    containing cf
                        set to 'use_start_validity'
                    containing an expiration
                        set to X_TIME_EXP1
                    containing start validity
                        set to X_TIME_START1
                containing certificates[last].unsigned_certificate
                    containing cf
                        set to 'use_start_validity'
                    containing an expiration
                        set to X_TIME_EXP2
                    containing start validity
                        set to X_TIME_START2
    }
    then {
        the IUT discards the message
    }
}


Variants


X | X_TIME_START1 | X_TIME_EXP1 | X_TIME_START2 | X_TIME_EXP2 | Comment
A | CLT+2Y | CLT+3Y | CLT-1Y | CLT+1Y | Subordinate certificate validity period is totally before the issuing one
B | CLT-1Y | CLT+2Y | CLT-2Y | CLT+1Y | Subordinate certificate validity period is intersecting the issuing one
C | CLT-2Y | CLT+1Y | CLT-1Y | CLT+2Y | Subordinate certificate validity period is intersecting the issuing one
D | CLT-1Y | CLT+1Y | CLT+2Y | CLT+3Y | Subordinate certificate validity period is totally after the issuing one
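

The time-window conditions exercised by EB-03 to EB-08 and the chain nesting rule of EB-15, as an added Python sketch that is not part of the ETSI test suite or of any IUT. The flat `Cert` and `SignedMsg` records, integer times in seconds and the constructed `CLT` value are assumptions; the function reports every matching test purpose because several conditions can hold for one message.

```python
from dataclasses import dataclass
from typing import List, Optional

MIN = 60                    # seconds
YEAR = 365 * 24 * 3600      # seconds; leap days ignored in this sketch
CLT = 1_000_000_000         # constructed "current local time" for the samples


@dataclass
class Cert:                 # hypothetical flat view of unsigned_certificate
    start_validity: int
    expiration: int


@dataclass
class SignedMsg:            # hypothetical flat view of the signed data
    generation_time: int
    expiry_time: Optional[int]   # None when the 'expires' flag is not set
    chain: List[Cert]            # chain[-1] is the signing certificate


def message_time_findings(msg: SignedMsg, now: int) -> List[str]:
    """Return every test purpose whose discard condition the message meets."""
    signer, gen, exp = msg.chain[-1], msg.generation_time, msg.expiry_time
    found = []
    if exp is not None and exp < now:
        found.append("EB-03")            # already expired
    if exp is not None and exp < gen:
        found.append("EB-04")            # expires before it was generated
    if gen < signer.start_validity:
        found.append("EB-05")            # generated before the certificate was valid
    if gen > signer.expiration:
        found.append("EB-06")            # generated after the certificate expired
    if exp is not None and exp < signer.start_validity:
        found.append("EB-07")            # expires before the certificate is valid
    if exp is not None and exp > signer.expiration:
        found.append("EB-08")            # outlives the signing certificate
    return found


def chain_validity_nested(chain: List[Cert]) -> bool:
    """EB-15: each subordinate validity period must lie inside its issuer's."""
    for issuer, sub in zip(chain, chain[1:]):
        if sub.start_validity < issuer.start_validity:
            return False
        if sub.expiration > issuer.expiration:
            return False
    return True


def must_discard(msg: SignedMsg, now: int) -> bool:
    """True when any time condition or the chain nesting rule is violated."""
    return bool(message_time_findings(msg, now)) or not chain_validity_nested(msg.chain)


# EB-15 variants as year offsets from CLT: (START1, EXP1, START2, EXP2)
EB15_VARIANTS = {
    "A": (+2, +3, -1, +1),
    "B": (-1, +2, -2, +1),
    "C": (-2, +1, -1, +2),
    "D": (-1, +1, +2, +3),
}


def eb15_chain(variant: str) -> List[Cert]:
    """Build the two-certificate chain of one EB-15 variant."""
    s1, e1, s2, e2 = EB15_VARIANTS[variant]
    return [Cert(CLT + s1 * YEAR, CLT + e1 * YEAR),    # certificates[last-1]
            Cert(CLT + s2 * YEAR, CLT + e2 * YEAR)]    # certificates[last]


if __name__ == "__main__":
    root = Cert(CLT - 2 * YEAR, CLT + 2 * YEAR)
    signer = Cert(CLT - YEAR, CLT + YEAR)
    ok = SignedMsg(CLT, CLT + MIN, [root, signer])
    print("valid message discarded:", must_discard(ok, CLT))
    for v in EB15_VARIANTS:
        print("EB-15", v, "nested:", chain_validity_nested(eb15_chain(v)))
```

An EB-07 style message also meets the EB-05 condition whenever its generation time precedes its expiry time, which is why the function returns a list rather than the first match.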


TPId


TP/SEC/ITS-S/R-DATA/EB-16


Summary 


Check that ITS-S discards valid signed data when the signer is a certificate chain in which the
operational permissions of a subordinate certificate are not a subset of the permissions of its 
issuing certificate. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate_chain'
                containing certificates[last-1].unsigned_certificate
                    containing scope.permissions.permissions_list
                        set to array[1]
                            containing PSID_A
                containing certificates[last].unsigned_certificate
                    containing scope.permissions.permissions_list
                        set to array[1]
                            containing PSID_B
    }
    then {
        the IUT discards the message
    }
}



TPId 


TP/SEC/ITS-S/R-DATA/EB-17


Summary 


Check that ITS-S discards valid signed data when the signer is a certificate chain in which the 
subordinate certificate has a valid signature which is not the signature of its issuing certificate. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate_chain'
                containing certificates[last]
                    containing valid signature
                        verifiable using verification key of the certificate pointed by signer_id
                    containing signer_id
                        set to the value not equal to the 8-byte hash of the certificates[last-1]
    }
    then {
        the IUT discards the message
    }
}



TPId


TP/SEC/ITS-S/R-DATA/EB-18


Summary 


Check that ITS-S discards valid signed data when the signer is a certificate chain in which an
issuing certificate is not permitted to issue certificates of its subordinate certificate's type. 


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate_chain'
                containing certificates[last-1].unsigned_certificate
                    containing a scope
                        containing permitted_subject_types
                            set to 'sec_data_exch_identified_localized'
                containing certificates[last].unsigned_certificate
                    containing a subject_type
                        set to 'sec_data_exch_anonymous'
    }
    then {
        the IUT discards the message
    }
}



TPId 


TP/SEC/ITS-S/R-DATA/EB-19-X


Summary 


Check that ITS-S discards a signed 1609.2 message if the version_and_type field is not set to
the value 2. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type set to 'certificate_chain'
                containing certificates[last].version_and_type
                    set to INVALID_CERT_VERSION_AND_TYPE
    }
    then {
        the IUT discards the message
    }
}


Variants


Y | INVALID_CERT_VERSION_AND_TYPE
A |
B | 1
C | 3
D | 255



TPId


TP/SEC/ITS-S/R-DATA/EB-20 


Summary 


Check that ITS-S discards a signed 1609.2 message if the signature is calculated over the hash 
of the version_and_type and the unsigned_certificate fields if the calculation does not use the
compressed representation of all public keys and reconstruction values contained in the 
certificate. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.1 


Configuration 


CF04 


PICS Selection 


PIC_Verify_UncompressedKey


Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type
                    set to 'certificate_chain'
                containing certificates[last].unsigned_certificate
                    containing verification_key.public_key.type (V_PKT_VK)
                        set to 'uncompressed'
                    containing signature.ecdsa_signature
                        calculated using uncompressed representation of V_PKT_VK
    }
    then {
        the IUT discards the message
    }
}



TPId 


TP/SEC/ITS-S/R-DATA/EB-21 


Summary 


Check that ITS-S discards a signed 1609.2 message if both the crl_series and the expiration 
fields in the unsigned certificate are empty. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.1 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type
                    set to 'certificate_chain'
                containing certificate[last].unsigned_certificate
                    containing crl_series
                        set to
                    containing expiration
                        set to
    }
    then {
        the IUT discards the message
    }
}



TPId


TP/SEC/ITS-S/R-DATA/EB-22 


Summary 


Check that ITS-S discards a signed 1609.2 message if the permissions requested in the
end-user certificate contains duplicate PSIDs.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.9 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type
                    set to 'certificate_chain'
                containing certificates[last].unsigned_certificate.scope.permissions.permissions_list
                    set to array[2]
                        containing PSID_A
                        containing PSID_A
    }
    then {
        the IUT discards the message
    }
}



TPId 


TP/SEC/ITS-S/R-DATA/EB-23-X 


Summary 


Check that ITS-S discards a signed 1609.2 message if the latitude specified in the region
associated with the signer's certificate scope is outside the limits of ±90°.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.9 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type
                    set to 'certificate_chain'
                containing certificates[last].unsigned_certificate.scope.region
                    containing latitude
                        set to X_INVALID_LATITUDE
    }
    then {
        the IUT discards the message
    }
}


Variants


X | X_INVALID_LATITUDE
A | 900000001
B | -900000001



TPId


TP/SEC/ITS-S/R-DATA/EB-24-X 


Summary 


Check that ITS-S discards a signed 1609.2 message if the longitude specified in the region
associated with the signer's certificate scope is outside the limits of ±180°.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.9 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type
                    set to 'certificate_chain'
                containing certificates[last].unsigned_certificate.scope.region
                    containing longitude
                        set to X_INVALID_LONGITUDE
    }
    then {
        the IUT discards the message
    }
}


Variants


X | X_INVALID_LONGITUDE
A | 1800000001
B | -1800000001



TPId 


TP/SEC/ITS-S/R-DATA/EB-25 


Summary 


Check that ITS-S discards a signed 1609.2 message if it contains a secured data exchange, 
identified not localized scope with zero PSID SSPs in its permissions list. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.23 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type
                    set to 'certificate_chain'
                containing certificates[last].unsigned_certificate.scope.permissions.permissions_list
                    set to array[0]
                        not containing any PSID SSP
    }
    then {
        the IUT discards the message
    }
}



TPId


TP/SEC/ITS-S/R-DATA/EB-26 


Summary 


Check that ITS-S discards a signed 1609.2 message if it contains a secured data exchange, 
identified not localized scope with a PSID SSPs of more than 31 octets. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.23 


Configuration 


CF04 


PICS Selection 




Initial conditions 


with {
    the IUT in the operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data set to MSG_SIGNED_TS
            containing signed_data.signer
                containing type
                    set to 'certificate_chain'
                containing certificates[last].unsigned_certificate
                    containing scope.permissions.permissions_list
                        set to array[1]
                            containing V_PSIDSSPP_A
                                containing service_specific_permission
                                    longer than 31 octets
    }
    then {
        the IUT discards the message
    }
}



6.2.2 Certificate Authority
6.2.2.1 Normal Behavior



6.2.2.1.1 Generic message verification



TPId 


TP/SEC/CA/NB-01 


Summary 


Check that CA correctly decrypts a Certificate Request. 


Reference 


IEEE P1609.2/D12 [1], clause 5.6.2.1 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest
    }
    then {
        the IUT decrypts the request
    }
}



TPId


TP/SEC/CA/NB-02-X 


Summary 


Check that CA generates certificate response encoded using the key stored in
response_encryption_key field in the request.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.34 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing unsigned_csr.response_encryption_key (V_RESPONSE_ENC_KEY)
    }
    then {
        the IUT sends a CertificateResponse set to X_RESPONSE
            encrypted using V_RESPONSE_ENC_KEY
    }
}


Variants


X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT



TPId 


TP/SEC/CA/NB-03-X 


Summary 


Check that CA generates certificate response. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.17 


Config Id 


CF01, CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest set to X_REQUEST
    }
    then {
        the IUT sends a CertificateResponse set to X_RESPONSE
            containing certificate_chain[last].signature
                verifiable using CERT_CA.unsigned_certificate.verification_key
    }
}


Variants


X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT



TPId


TP/SEC/CA/NB-04-X 


Summary 


Check that the CA accepts a valid certificate request having correct fields and values, signed by 
a signer id with type set to 'certificate'. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.4 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate'
                containing certificate
    }
    then {
        the IUT sends a CertificateResponse set to X_RESPONSE
    }
}


Variants


X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT



TPId 


TP/SEC/CA/NB-05-X 


Summary 


Check that the CA accepts a valid certificate request having correct fields and values, signed by 
a signer id with type set to 'certificate_chain'.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.4 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate_chain'
                containing certificates
                    set to array of certificates
    }
    then {
        the IUT sends a CertificateResponse set to X_RESPONSE
    }
}


Variants


X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT



6.2.2.1.2 Key Compression



TPId 


TP/SEC/CA/NB-06-X-Y 


Summary 


Check that a CA accepts a certificate request, signed by a valid certificate chain and
containing various public key types. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.17 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
    the IUT is configured to use signature of type Y_PKT_RES_SIGN
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest set to X_REQUEST
            containing signer.type
                set to 'certificate_chain'
            containing signer.certificate_chain[last]
                containing signature.ecdsa_signature.R.type
                    set to Y_PKT_SIG_SIGN
                containing unsigned_certificate.verification_key.public_key.type
                    set to Y_PKT_SIG_VK
            containing unsigned_csr.verification_key.public_key.type
                set to Y_PKT_VK
            containing unsigned_csr.response_encryption_key.public_key.type
                set to Y_PKT_REK
            containing signature.ecdsa_signature
                calculated using compressed representation of Y_PKT_VK and Y_PKT_REK
                containing R.type
                    set to Y_PKT_REQ_SIGN
    }
    then {
        the IUT sends a valid CertificateResponse set to X_RESPONSE
            containing certificates[last]
                containing unsigned_certificate.verification_key.public_key.type
                    set to Y_PKT_VK
                containing signature.ecdsa_signature
                    calculated using compressed representation of Y_PK_TYPE_VK and Y_PK_TYPE_REK
                    containing R.type
                        set to Y_PKT_RES_SIGN
    }
}


Variants


X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT




Possible values:
Comp   : compressed_lsb_y_0 or compressed_lsb_y_1
X_co   : x_coordinate_only
Uncomp : uncompressed


Y | Y_PKT_SIG_VK | Y_PKT_SIG_SIGN | Y_PKT_REQ_SIGN | Y_PKT_VK | Y_PKT_REK | Y_PKT_RES_SIGN
A | Comp | X_co | X_co | Comp | Comp | Comp
B | X_co | X_co | X_co | X_co | X_co | X_co
C | Uncomp | Uncomp | Uncomp | Uncomp | Uncomp | Uncomp
D | Comp | Uncomp | Uncomp | Comp | X_co | Uncomp
E | X_co | Uncomp | Uncomp | X_co | X_co | X_co
F | Uncomp | Comp | Comp | Uncomp | Uncomp | Comp
G | Y | Comp | Comp | X_co | Comp | Uncomp
H | X_co | Comp | Comp | X_co | X_co | X_co



6.2.2.1.3 Permissions



TPId 


TP/SEC/CA/NB-07-X-Y 


Summary 


Check that a CA responds to a certificate request with the list of permissions fully contained in
the request signer certificate. 


Reference 


IEEE P1609.2/D12 [1], clauses 6.3.9 and 6.3.23


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
    the IUT is configured to provide certificates with permissions {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E,
        PSID_F, PSID_G, PSID_H, PSID_I}
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest set to X_REQUEST
            containing signer.certificate.unsigned_certificate.sec_data_exch_ca_scope.permissions.permissions_list
                set to Y_PSID_LIST_SIGNER
            containing unsigned_csr.type_specific_data.V_REQ_SCOPE
                containing permissions.permissions_list
                    set to Y_PSIDSSP_LIST_REQUEST
    }
    then {
        the IUT sends a valid CertificateResponse set to X_RESPONSE
            containing certificates[last].unsigned_certificate
                containing V_REQ_SCOPE
                    containing permissions.permissions_list
                        set to Y_PSIDSSP_LIST_RES
    }
}


Variants


X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT




Variants


Y | PICS Selection | Y_PSID_LIST_SIGNER | Y_PSIDSSP_LIST_REQUEST | Y_PSIDSSP_LIST_RES
A | | {PSID_A} | {PSID_A} | {PSID_A}
B | | {PSID_A, PSID_B, PSID_C, PSID_D} | {PSID_A} | {PSID_A}
C | | {PSID_A, PSID_B, PSID_C, PSID_D} | {PSID_A, PSID_B, PSID_C, PSID_D} | {PSID_A, PSID_B, PSID_C, PSID_D}
D | | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H} | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H} | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H}
E | | {PSID_A, PSID_B, PSID_C, PSID_D} | {PSID_C, PSID_D, PSID_E, PSID_F} | {PSID_A, PSID_B}
F | PIC_Verify_PsidArrayWithMoreThan8Entries | {PSID_A} | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H, PSID_I} | {PSID_A}
G | PIC_Verify_PsidArrayWithMoreThan8Entries | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H, PSID_I} | {PSID_A} | {PSID_A}



TPId


TP/SEC/CA/NB-08-X-Y 


Summary 


Check that a CA responds to a certificate request with the list of permissions set to the
intersection between requested permissions and CA certificate permissions. 


Reference 


IEEE P1609.2/D12 [1], clauses 6.3.9 and 6.3.23 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
    the IUT is configured with a CA certificate
        containing certificate.unsigned_certificate.sec_data_exch_ca_scope.permissions.permissions_list
            set to Y_PSID_LIST_CA_CERT
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest set to X_REQUEST
            containing unsigned_csr.type_specific_data.REQ_SCOPE
                containing permissions.permissions_list
                    set to Y_PSIDSSP_LIST_REQUEST
    }
    then {
        the IUT sends a valid CertificateResponse set to X_RESPONSE
            containing certificates[last].unsigned_certificate
                containing REQ_SCOPE
                    containing permissions.permissions_list
                        set to Y_PSIDSSP_LIST_RES
    }
}


Note: Request signing certificate fully covers Y_PSIDSSP_LIST_REQUEST 


Variants


X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT




Variants


Y | PICS Selection | Y_PSID_LIST_CA_CERT | Y_PSIDSSP_LIST_REQUEST | Y_PSIDSSP_LIST_RES
A | | {PSID_A} | {PSID_A} | {PSID_A}
B | | {PSID_A, PSID_B, PSID_C, PSID_D} | {PSID_A} | {PSID_A}
C | | {PSID_A, PSID_B, PSID_C, PSID_D} | {PSID_A, PSID_B, PSID_C, PSID_D} | {PSID_A, PSID_B, PSID_C, PSID_D}
D | | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H} | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H} | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H}
E | | {PSID_A, PSID_B, PSID_C, PSID_D} | {PSID_C, PSID_D, PSID_E, PSID_F} | {PSID_A, PSID_B}
F | PIC_Verify_PsidArrayWithMoreThan8Entries | {PSID_A} | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H, PSID_I} | {PSID_A}
G | PIC_Verify_PsidArrayWithMoreThan8Entries | {PSID_A, PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H, PSID_I} | {PSID_A} | {PSID_A}



6.2.2.1.4 Expiration



TPId 


TP/SEC/CA/NB-09-X 


Summary 


Check that the CA accepts a valid certificate request having specified start validity time. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.17 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing unsigned_csr
                containing cf
                    indicating use_start_validity
                    and not indicating lifetime_is_duration
                containing start_validity
                    set to 1 Jan 2010
    }
    then {
        the IUT sends a CertificateResponse set to X_RESPONSE
            containing certificates[last].unsigned_certificate
                valid from 1 Jan 2010
    }
}


Variants


X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT



TPId 


TP/SEC/CA/NB-10-X 


Summary 


Check that the CA accepts a valid certificate request with lifetime set to 0. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.34 

ETSI TS 102 941 [2] Table 1 : Contents of ITS-S EnrolmentRequest message 

ETSI TS 102 941 [2] Table 2 : Contents of ITS-S AuthorizationRequest message 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing unsigned_csr
                containing cf
                    indicating use_start_validity and lifetime_is_duration
                containing lifetime
                    set to 0
    }
    then {
        the IUT sends a valid CertificateResponse set to X_RESPONSE
    }
}


Variants


X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT



TPId


TP/SEC/CA/NB-11-X 


Summary 


Check that the CA accepts a valid certificate request with start validity set to 0. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.34 

ETSI TS 102 941 [2] Table 1 : Contents of ITS-S EnrolmentRequest message 

ETSI TS 102 941 [2] Table 2 : Contents of ITS-S AuthorizationRequest message 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing unsigned_csr
                containing cf
                    indicating use_start_validity
                    and not indicating lifetime_is_duration
                containing start_validity
                    set to 0
    }
    then {
        the IUT sends a valid CertificateResponse set to X_RESPONSE
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT



TPId 


TP/SEC/CA/NB-12-X 


Summary 


Check that CA generates valid certificate response with a certificate containing the field 
start validity. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.2 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
    the IUT is configured to use start_validity flag
    the IUT is configured not to use a lifetime_is_duration flag
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest set to X_REQUEST
    }
    then {
        the IUT sends a CertificateResponse set to X_RESPONSE
            containing certificate_chain[last].unsigned_certificate
                containing cf
                    indicating use_start_validity
                    and not indicating lifetime_is_duration
                containing start_validity
                    set to the timestamp < certificate_chain[last].unsigned_certificate.expiration
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT



6.2.2.1.5 Regions



TPId 


TP/SEC/CA/NB-13-X-Y 


Summary 


Check that a CA responds to a certificate request with a region that is fully contained in
the request region and in the signer region.


Reference 


IEEE P1609.2/D12 [1], clauses 6.3.13, 6.3.15 and 5.5.3.3 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest set to X_REQUEST
            containing signer.certificate.unsigned_certificate.ANY_SCOPE.region
                set to Y_REGION_SIGNER
            containing unsigned_csr.type_specific_data.ANY_SCOPE.region
                set to Y_REGION_REQUEST
    }
    then {
        the IUT sends a valid CertificateResponse set to X_RESPONSE
            containing certificates[last].unsigned_certificate.ANY_SCOPE.region
                containing region_type
                    set to 'circle'
                containing circular_region inside Y_REGION_RES
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRRSP_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHRSP_IUT


Variants

Y | Y_REGION_SIGNER | Y_REGION_REQUEST | Y_REGION_RES
A | REGION_LARGE | REGION_MEDIUM | REGION_MEDIUM
B | REGION_LARGE | REGION_LARGE | REGION_LARGE
C | REGION_MEDIUM | REGION_SMALL | REGION_SMALL



6.2.2.2 Exceptional Behavior

6.2.2.2.1 Invalid Message Fields



TPId 


TP/SEC/CA/EB-01-X 


Summary 


Check that CA discards certificate requests if the message content type is different than 
"encrypted". 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.1 


Config Id 


CF01,CF02


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data structure
            containing type
                set to X_INVALID_CONTENT_TYPE
    }
    then {
        the IUT discards the received message
    }
}


Variants

X | X_INVALID_CONTENT_TYPE
A | unsecured (0)
B | signed (1)
C | certificate_request (3)
D | certificate_response (4)
E | anonymous_certificate_response (5)
F | certificate_request_error (6)
G | crl_request (7)
H | crl (8)
I | signed_partial_payload (9)
J | signed_external_payload (10)
K | signed_wsa (11)
L | certificate_response_acknowledgment (12)
M | ANY_VALUE (128)



TPId


TP/SEC/CA/EB-02-X 


Summary 


Check that CA discards certificate requests if the protocol version is not 2. 


Reference 


IEEE P1609.2/D12[1], clause 6.2.1.1 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data structure
            containing protocol_version
                set to X_INVALID_VERSION_NUMBER
    }
    then {
        the IUT discards the received message
    }
}


Variants

# | X_INVALID_VERSION_NUMBER
A |
B | 1
C | 3
D | 255
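The header checks exercised by TP/SEC/CA/EB-01-X, EB-02-X and EB-03-X can be expressed as one triage step, shown here as an added sketch that is not part of the specification or of any ETSI test suite. It assumes that a 1609Dot2Data structure begins with a one-byte protocol_version followed by a one-byte content type, and that the decrypted ToBeEncrypted data begins with its own one-byte type; `triage`, `passthrough_decrypt` and `build_sample` are hypothetical names and the sample messages are constructed.

```python
from enum import IntEnum
from typing import Callable, Dict, Tuple

PROTOCOL_VERSION = 2  # EB-02-X: every other value is discarded


class ContentType(IntEnum):
    """ContentType values as listed in the EB-01-X and EB-03-X variants tables."""
    UNSECURED = 0
    SIGNED = 1
    ENCRYPTED = 2
    CERTIFICATE_REQUEST = 3
    CERTIFICATE_RESPONSE = 4
    ANONYMOUS_CERTIFICATE_RESPONSE = 5
    CERTIFICATE_REQUEST_ERROR = 6
    CRL_REQUEST = 7
    CRL = 8
    SIGNED_PARTIAL_PAYLOAD = 9
    SIGNED_EXTERNAL_PAYLOAD = 10
    SIGNED_WSA = 11
    CERTIFICATE_RESPONSE_ACKNOWLEDGMENT = 12


def triage(message: bytes, decrypt: Callable[[bytes], bytes]) -> Tuple[str, str]:
    """Decide whether a CA processes or silently discards a received message.

    Assumed layout: byte 0 = protocol_version, byte 1 = outer ContentType, and
    the decrypted ToBeEncrypted data begins with its own one-byte ContentType.
    """
    if len(message) < 2:
        return "discard", "truncated header"
    version, outer_type = message[0], message[1]
    if version != PROTOCOL_VERSION:                        # TP/SEC/CA/EB-02-X
        return "discard", "protocol_version %d" % version
    if outer_type != ContentType.ENCRYPTED:                # TP/SEC/CA/EB-01-X
        return "discard", "outer type %d" % outer_type
    try:
        inner = decrypt(message[2:])
    except ValueError as exc:
        return "discard", "decryption failed: %s" % exc
    if not inner or inner[0] != ContentType.CERTIFICATE_REQUEST:  # TP/SEC/CA/EB-03-X
        return "discard", "inner type is not certificate_request"
    return "process", ""


def passthrough_decrypt(blob: bytes) -> bytes:
    """Stand-in for decryption: the constructed samples carry plaintext."""
    if not blob:
        raise ValueError("empty encrypted_data")
    return blob


def build_sample(version: int, outer_type: int, inner_type: int) -> bytes:
    """Constructed message: two header bytes, inner type, dummy body."""
    return bytes([version, outer_type, inner_type]) + b"\x00" * 8


def run_variants() -> Dict[Tuple[str, int], str]:
    """Apply triage() to the variant values listed in the three TPs."""
    verdicts = {}
    for value in (0, 1, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 128):    # EB-01 A..M
        verdicts[("EB-01", value)] = triage(
            build_sample(2, value, 3), passthrough_decrypt)[0]
    for value in (1, 3, 255):                                     # EB-02 B..D
        verdicts[("EB-02", value)] = triage(
            build_sample(value, 2, 3), passthrough_decrypt)[0]
    for value in (0, 1, 2, 4, 5, 6, 7, 8, 9, 10, 11, 12, 128):    # EB-03 A..M
        verdicts[("EB-03", value)] = triage(
            build_sample(2, 2, value), passthrough_decrypt)[0]
    # Well-formed envelope: version 2, encrypted, inner certificate_request.
    verdicts[("valid", 3)] = triage(build_sample(2, 2, 3), passthrough_decrypt)[0]
    return verdicts


if __name__ == "__main__":
    for key, verdict in sorted(run_variants().items()):
        print(key, verdict)
```

Each rejected sample is dropped before any signature or certificate processing, which is why these three TPs expect a discard rather than a CertificateRequestError.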



TPId 


TP/SEC/CA/EB-03-X 


Summary 


Check that CA discards messages other than certificate request.


Reference 


IEEE P1609.2/D12[1], clause 6.2.1.1 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a 1609Dot2Data structure
            containing encrypted_data
                containing encrypted_data (ToBeEncrypted data structure)
                    containing type
                        set to X_INVALID_CONTENT_TYPE
    }
    then {
        the IUT discards the received message
    }
}


Variants

X | X_INVALID_CONTENT_TYPE
A | unsecured (0)
B | signed (1)
C | encrypted (2)
D | certificate_response (4)
E | anonymous_certificate_response (5)
F | certificate_request_error (6)
G | crl_request (7)
H | crl (8)
I | signed_partial_payload (9)
J | signed_external_payload (10)
K | signed_wsa (11)
L | certificate_response_acknowledgment (12)
M | ANY_VALUE (128)



TPId


TP/SEC/CA/EB-04-X-Y 


Summary 


Check that CA discards certificate request if the certificate is not an explicit one. 


Reference 


IEEE P1609.2/D12 [1], clause 6.3.1 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing unsigned_csr.version_and_type
                set to Y_INVALID_CERT_VERSION_AND_TYPE
    }
    then {
        the IUT sends a CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT


Variants

Y | Y_INVALID_CERT_VERSION_AND_TYPE
A |
B | 1
C | 3
D | 255



TPId 


TP/SEC/CA/EB-05-X 


Summary 


Check that CA generates a certificate request error with valid fields when it receives a request
with a cryptographically invalid signature.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.17 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing a cryptographically invalid signature
    }
    then {
        the IUT sends a CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



6.2.2.2.2 Invalid Certificate or Certificate Chain



TPId 


TP/SEC/CA/EB-06-X 


Summary 


Check that a CA discards a certificate request with a cryptographically invalid signing
certificate.


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate_chain'
                containing certificates[last]
                    containing cryptographically invalid signature
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



TPId 


TP/SEC/CA/EB-07-X 


Summary 


Check that a CA discards a certificate request containing a signer containing an invalid
certificate (unknown root certificate).


Reference


IEEE P1609.2/D12 [1], clauses 5.6.1.2 and 6.3.37


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate_chain'
                containing certificates[0] (root certificate)
                    set to an unknown root certificate
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



TPId


TP/SEC/CA/EB-08-X 


Summary 


Check that a CA discards a certificate request containing a signer containing an invalid
certificate chain (expired root certificate).


Reference 


IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 6.3.37 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate_chain'
                containing certificates[0] (root certificate)
                    containing unsigned_certificate.expiration < CLT
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



TPId 


TP/SEC/CA/EB-09-X 


Summary 


Check that a CA discards a certificate request containing a signer containing an invalid
certificate chain (cryptographically invalid root certificate).


Reference


IEEE P1609.2/D12 [1], clauses 5.6.1.2 and 6.3.37


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate_chain'
                containing certificates[0] (root certificate)
                    containing invalid signature
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



TPId


TP/SEC/CA/EB-10-X 


Summary 


Check that a CA discards a certificate request containing a signer containing an incomplete
certificate chain (missing root certificate).


Reference 


IEEE P1609.2/D12 [1], clauses 5.6.1.2 and 6.3.37 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate_chain'
                containing certificates
                    not containing a root certificate (CERT_ROOT)
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



TPId 


TP/SEC/CA/EB-11-X 


Summary 


Check that a CA discards a certificate request containing an unknown signer.


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Config Id 


CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type set to 'certificate'
                containing certificate
                    set to unknown certificate (see note)
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'csr_cert_revoked'
    }
}


NOTE: A certificate that does not belong to a chain that leads to a known trust anchor.


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



TPId


TP/SEC/CA/EB-12-X 


Summary 


Check that a CA discards a certificate request containing a revoked signer certificate.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.37 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate'
                containing certificate
                    set to revoked certificate
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'csr_cert_revoked'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



6.2.2.2.3 Invalid Certificate Fields



TPId 


TP/SEC/CA/EB-13-X-Y 


Summary 


Check that a CA discards a certificate request with certificate content flags other than
'use_start_validity' or 'lifetime_is_duration'.


Reference 


ETSI TS 102 867 [3], clause 5.1.2.2, IEEE P1609.2/D12 [1], clauses 6.3.2 and 6.3.34 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing unsigned_csr.cf
                set to Y_INVALID_FLAGS
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'request_denied'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT


Variants

Y_INVALID_FLAGS
Y | use_start_validity (0) | lifetime_is_duration (1) | encryption_key (2)
A | Yes | Yes | Yes
B | No | Yes | Yes
C | Yes | No | Yes
D | No | No | Yes



TPId


TP/SEC/CA/EB-14-X 


Summary 


Check that a CA discards a certificate request signed with expired credentials.


Reference 


IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 6.3.37 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate_chain'
                containing certificates[last]
                    containing unsigned_certificate.expiration < CLT
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



TPId


TP/SEC/CA/EB-15-X 


Summary 


Check that CA generates certificate request error with valid fields and with signature of various
public key types.

Check that CA calculates the request hash using the compressed representation of all public keys.


Reference 


IEEE P1609.2/D12 [1], clause 6.2.17 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
    the IUT is configured to use signature of type Y_PK_TYPE_SIGNATURE
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing a cryptographically invalid signature
            containing unsigned_csr.verification_key.public_key.type (V_PK_REQ_VK)
                set to 'uncompressed'
            containing unsigned_csr.response_encryption_key.public_key.type (V_PK_REQ_REK)
                set to 'uncompressed'
    }
    then {
        the IUT sends a CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
            containing request_hash
                set to the hash calculated using compressed representation of the V_PK_REQ_VK and V_PK_REQ_REK
            containing signature.ecdsa_signature
                containing R.type
                    set to Y_PK_TYPE_SIGNATURE
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT


Variants

Y | Y_PK_TYPE_SIGNATURE
A | compressed_lsb_y_0/1
B | x_coordinate_only
C | uncompressed



6.2.2.2.4 Invalid Permissions



TPId 


TP/SEC/CA/EB-16-X-Y 


Summary 


Check that a CA discards a certificate request with an invalid PsidArray.type.


Reference 


ETSI TS 102 867 [3], clause 5.1.2.2, IEEE P1609.2/D12 [1], clause 6.3.7 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing unsigned_csr.type_specific_data.ANY_SCOPE
                containing permissions.type
                    set to Y_INVALID_ARRAY_TYPE
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'request_denied'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT


Variants

Y | Y_INVALID_ARRAY_TYPE
A | from_issuer (0)
B | ANY_OTHER (128)



TPId


TP/SEC/CA/EB-17-X 


Summary 


Check that a CA discards a certificate request signed by a certificate whose
permissions list is not a superset of the requested permissions list.


Reference 


IEEE P1609.2/D12 [1], clause 5.5.3.3 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer.certificate.unsigned_certificate.ANY_SCOPE.permissions.permissions_list
                set to X_PSID_LIST_SIGNER
            containing unsigned_csr.type_specific_data.ANY_SCOPE.permissions.permissions_list
                set to X_PSID_LIST_REQ
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'request_denied'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT


Variants

Y | PICS Selection | X_PSID_LIST_SIGNER | X_PSID_LIST_REQ
A | | {PSID_B} | {PSID_A}
B | | {PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H, PSID_I} | {PSID_A}
C | PIC_Verify_PsidArrayWithMoreThan8Entries | {PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H, PSID_I, PSID_J} | {PSID_A}
D | PIC_Verify_PsidArrayWithMoreThan8Entries | {PSID_A} | {PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H, PSID_I}
E | | {PSID_A} | {PSID_B, PSID_C, PSID_D, PSID_E, PSID_F, PSID_G, PSID_H, PSID_I, PSID_J}
F | | {PSID_A, PSID_B, PSID_C, PSID_D} | {PSID_E, PSID_F, PSID_G, PSID_H}



TPId


TP/SEC/CA/EB-18-X 


Summary 


Check that a CA discards a certificate request if it has duplicated PSIDs.


Reference 


IEEE P1609.2/D12 [1], clause 6.3.9 


Config Id 


CF01, CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
    the IUT containing CA_CERT
        containing unsigned_certificate.scope.permissions.permissions_list (V_PERM_LIST)
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing unsigned_csr.type_specific_data.scope
                containing permissions.permissions_list
                    set to array[2] {
                        containing V_PERM_LIST[0]
                        containing V_PERM_LIST[0]
                    }
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'verification_failure'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT
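The permission checks of TP/SEC/CA/EB-16-X-Y, EB-17-X and EB-18-X combined into one validation routine, as an added sketch that is not taken from the specification or from any CA implementation. Assumptions: the only PsidArray.type accepted in a request is 'specified' with value 1, an IUT without support for more than 8 entries denies longer arrays, the order of the checks is a free choice, and the PSID values are constructed placeholders for PSID_A to PSID_J.

```python
from typing import Dict, List, Optional, Sequence

ARRAY_TYPE_FROM_ISSUER = 0   # listed as invalid in the EB-16 variants table
ARRAY_TYPE_SPECIFIED = 1     # assumption: the only PsidArray.type accepted in a request
MAX_ENTRIES = 8              # assumption: limit of an IUT without support for longer arrays

# Constructed PSID values standing in for PSID_A .. PSID_J.
PSID = {letter: 0x20 + i for i, letter in enumerate("ABCDEFGHIJ")}


def psids(letters: str) -> List[int]:
    """Translate a string such as "ABC" into the constructed PSID values."""
    return [PSID[letter] for letter in letters]


def excess_psids(requested: Sequence[int], signer: Sequence[int]) -> List[int]:
    """PSIDs the request asks for that the signer certificate does not hold."""
    return sorted(set(requested) - set(signer))


def check_permissions(array_type: int,
                      requested: Sequence[int],
                      signer: Sequence[int],
                      max_entries: Optional[int] = MAX_ENTRIES) -> Optional[str]:
    """Return None to accept, else the CertificateRequestError reason to send."""
    if array_type != ARRAY_TYPE_SPECIFIED:                     # EB-16
        return "request_denied"
    if len(set(requested)) != len(requested):                  # EB-18: duplicated PSIDs
        return "verification_failure"
    if max_entries is not None and max(len(requested), len(signer)) > max_entries:
        return "request_denied"                                # arrays beyond the supported size
    if excess_psids(requested, signer):                        # EB-17: signer is not a superset
        return "request_denied"
    return None


# EB-17 variants table: variant -> (X_PSID_LIST_SIGNER, X_PSID_LIST_REQ)
EB17_VARIANTS = {
    "A": ("B", "A"),
    "B": ("BCDEFGHI", "A"),
    "C": ("BCDEFGHIJ", "A"),
    "D": ("A", "BCDEFGHI"),
    "E": ("A", "BCDEFGHIJ"),
    "F": ("ABCD", "EFGH"),
}


def run_eb17(max_entries: Optional[int] = MAX_ENTRIES) -> Dict[str, Optional[str]]:
    """Evaluate every EB-17 variant; all of them must be denied."""
    return {
        variant: check_permissions(ARRAY_TYPE_SPECIFIED, psids(req), psids(signer), max_entries)
        for variant, (signer, req) in EB17_VARIANTS.items()
    }


if __name__ == "__main__":
    print(run_eb17())
    ca_list = psids("ABC")
    # EB-18: array[2] holding the same entry twice.
    print(check_permissions(ARRAY_TYPE_SPECIFIED, [ca_list[0], ca_list[0]], ca_list))
```

Comparing sets rather than lists keeps the superset test independent of the order in which PSIDs are encoded, and the duplicate check has to run before that conversion or a repeated entry would go unnoticed.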

6.2.2.2.5 Invalid Regions



TPId 


TP/SEC/CA/EB-19-X-Y 


Summary 


Check that a CA discards a certificate request signed by a certificate containing a scope with
a circular region (REGION_SIGNER) and an unsigned csr with a circular region
(REGION_REQUEST) that is not fully contained in the signer region.


Reference


IEEE P1609.2/D12 [1], clause 5.5.3.3


Config Id


CF01,CF02


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate'
                containing certificate.unsigned_certificate.ANY_SCOPE
                    containing region
                        set to Y_REGION_SIGNER
            containing unsigned_csr.type_specific_data.ANY_SCOPE
                containing region
                    set to Y_REGION_REQUEST
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'request_denied'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT


Variants

Y | Y_REGION_SIGNER | Y_REGION_REQUEST
A | REGION_SMALL | REGION_OUTSIDE
B | REGION_SMALL | REGION_LARGE
C | REGION_SMALL | REGION_INTERSECTING
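The containment rule behind TP/SEC/CA/NB-13-X-Y and TP/SEC/CA/EB-19-X-Y, worked through for circular regions as an added sketch that is not part of the specification. It assumes regions are given as a centre in decimal degrees plus a radius in metres and compares them with the great-circle distance; the REGION_* coordinates and radii below are constructed and do not reproduce the values used by the test suite.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Dict, Optional

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius used for the haversine distance


@dataclass(frozen=True)
class Circle:
    lat: float       # centre latitude, degrees
    lon: float       # centre longitude, degrees
    radius_m: float  # radius, metres


def distance_m(a: Circle, b: Circle) -> float:
    """Great-circle (haversine) distance between the two centres, in metres."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(h))


def relation(inner: Circle, outer: Circle) -> str:
    """Classify `inner` against `outer`: 'inside', 'disjoint' or 'overlapping'."""
    d = distance_m(inner, outer)
    if d + inner.radius_m <= outer.radius_m:
        return "inside"          # every point of inner lies within outer
    if d >= inner.radius_m + outer.radius_m:
        return "disjoint"        # the circles share no area
    return "overlapping"         # partial overlap, or inner is larger than outer


def region_for_certificate(signer: Circle, request: Circle) -> Optional[Circle]:
    """Region the CA may certify, or None when the answer is 'request_denied'."""
    return request if relation(request, signer) == "inside" else None


# Constructed regions (not the values of the ETSI test suite).
REGION_LARGE = Circle(43.6163, 7.0552, 50_000)
REGION_MEDIUM = Circle(43.6163, 7.0552, 10_000)
REGION_SMALL = Circle(43.6163, 7.0552, 1_000)
REGION_OUTSIDE = Circle(44.0000, 7.0552, 1_000)       # far away from REGION_SMALL
REGION_INTERSECTING = Circle(43.6163, 7.0700, 1_000)  # centre about 1.2 km east

# EB-19 variants: (Y_REGION_SIGNER, Y_REGION_REQUEST), all expected to be denied.
EB19 = {
    "A": (REGION_SMALL, REGION_OUTSIDE),
    "B": (REGION_SMALL, REGION_LARGE),
    "C": (REGION_SMALL, REGION_INTERSECTING),
}
# NB-13 variants: (Y_REGION_SIGNER, Y_REGION_REQUEST), all expected to be issued.
NB13 = {
    "A": (REGION_LARGE, REGION_MEDIUM),
    "B": (REGION_LARGE, REGION_LARGE),
    "C": (REGION_MEDIUM, REGION_SMALL),
}


def run_eb19() -> Dict[str, str]:
    """Relation of the requested region to the signer region for each variant."""
    return {v: relation(req, signer) for v, (signer, req) in EB19.items()}


def run_nb13() -> Dict[str, Optional[Circle]]:
    """Region that ends up in the issued certificate for each NB-13 variant."""
    return {v: region_for_certificate(signer, req) for v, (signer, req) in NB13.items()}


if __name__ == "__main__":
    print(run_eb19())
    print(run_nb13())
```

Variant B of EB-19 is the case a naive "do the circles touch" test gets wrong: the requested region covers the whole signer region, yet it is not contained in it and has to be denied.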

6.2.2.2.6 Expiration



TPId 


TP/SEC/CA/EB-20-X 


Summary 


Check that a CA discards a certificate request containing an expired signer certificate.


Reference 


IEEE P1609.2/D12 [1], clauses 6.3.2, 6.3.37 and 6.2.7, ETSI TS 102 867 [3], clause 5.1.2.1 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer
                containing type
                    set to 'certificate'
                containing certificate.unsigned_certificate
                    containing expiration
                        set to CLT - '1Y'
                    containing lifetime
                        set to '1Y'
    }
    then {
        the IUT sends a CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'csr_cert_expired'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT



TPId


TP/SEC/CA/EB-21-X-Y 


Summary 


Check that a CA discards a certificate request with invalid expiration time.


Reference 


IEEE P1609.2/D12 [1], clauses 6.3.2, 6.3.37 and 6.2.7, ETSI TS 102 867 [3], clause 5.1.2.1 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to X_REQUEST
            containing signer.certificate.unsigned_certificate
                containing expiration
                    set to Y_EXP_SIGNER
                containing lifetime
                    set to Y_LT_SIGNER
            containing unsigned_csr
                containing expiration
                    set to Y_EXP_REQUEST
                containing lifetime
                    set to Y_LT_REQUEST
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'request_denied'
    }
}


Variants

X | X_REQUEST | X_RESPONSE
A | MSG_ENRREQ_TS | MSG_ENRERR_IUT
B | MSG_AUTHREQ_TS | MSG_AUTHERR_IUT


Variants

Y | Y_EXP_SIGNER | Y_LT_SIGNER | Y_EXP_REQUEST | Y_LT_REQUEST
A | CLT+1Y | 1Y | CLT+2Y | 1M
B | CLT+1Y | 1Y | CLT+2Y | 1Y
C | CLT+1Y | 1Y | CLT+2Y | 2Y
D | CLT+2Y | 1M | CLT+1Y | 1M
E | CLT+2Y | 1Y | CLT+1Y | 1M
F | CLT+3Y | 2Y | CLT+2Y | 2Y



6.2.3 Enrolment Authority
6.2.3.1 Normal Behavior 



TPId 


TP/SEC/EA/ENR/NB-01 


Summary 


Check that the EA accepts a valid self-signed enrolment request having correct fields and 
values. 


Reference 


IEEE P1609.2/D12 [1], clause 6.2.4 


Config Id 


CF01 


PICS Selection 


PIC_Generate_SelfSigned


Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest set to MSG_ENRREQ_TS
            containing signer
                containing type
                    set to 'self'
    }
    then {
        the IUT sends a CertificateResponse set to MSG_ENRRSP_IUT
    }
}



6.2.3.2 Exceptional Behavior



TPId 


TP/SEC/EA/ENR/EB-02-X 


Summary 


Check that an EA discards an enrolment request signed by a signer_id with type set to a
value other than 'self', 'certificate' or 'certificate_chain'.


Reference 


ETSI TS 102 941 [2], clause 6.2.2.3 


Config Id 


CF01,CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to MSG_ENRREQ_TS
            containing signer
                containing type
                    set to X_INVALID_SUBJECT_TYPE
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'request_denied'
    }
}


Variants

X | PICS | X_INVALID_SUBJECT_TYPE
A | Not PIC_Verify_SelfSigned | self (0)
B | | certificate_digest_with_ecdsap224 (1)
C | | certificate_digest_with_ecdsap256 (2)
D | | certificate_digest_with_other_algorithm (5)
E | | ANY_OTHER (128)



TPId


TP/SEC/EA/ENR/EB-03-X


Summary


Check that an EA discards an enrolment request with a subject type other than
'sec_data_exch_csr'.


Reference 


IEEE P1609.2/D12 [1], 5.5.3.3, ETSI TS 102 867 [3], clause 5.1.2.1, IEEE P1609.2/D12 [1], 
clause 6.3.7 


Config Id 


CF01 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a CertificateRequest set to MSG_ENRREQ_TS
            containing unsigned_csr
                containing subject_type
                    set to X_INVALID_SUBJECT_TYPE
                containing type_specific_data
                    containing X_INVALID_SCOPE
    }
    then {
        the IUT sends a valid CertificateRequestError set to X_RESPONSE
            containing reason
                set to 'request_denied'
    }
}


Variants

# | X_INVALID_SUBJECT_TYPE | X_INVALID_SCOPE
A | sec_data_exch_anonymous (0) | AnonymousScope
B | sec_data_exch_identified_not_localized (1) | IdentifiedNotLocalizedScope
C | sec_data_exch_identified_localized (2) | IdentifiedLocalizedScope
D | wsa (4) | WsaCaScope
E | wsa_csr (5) | WsaCaScope
F | sec_data_exch_ca (6) | SecDataExchCaScope
G | wsa_ca (7) | WsaCaScope
H | crl_signer (8) | CRLSeries
I | root_ca (255) | RootCaScope
J | ANY_OTHER (128) | omit



6.2.4 Authorization Authority

6.2.4.1 Normal Behavior

6.2.4.1.1 Scopes (Scope Kind and Scope Name)



TPId 


TP/SEC/AA/AUTH/NB-01 


Summary 


Check that an AA responds to an authorization request with an anonymous scope
with a valid authorization certificate.


Reference 


IEEE P1609.2/D12 [1], clauses 6.2.22, 6.3.6, 6.3.7 and 6.3.19 


Config Id 


CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest (AuthorisationRequest) set to MSG_AUTHREQ_TS
            containing unsigned_csr
                containing subject_type
                    set to 'sec_data_exch_anonymous'
                containing type_specific_data
                    containing anonymous_scope
                        containing additional_data
                            set to 0x00 (length 0)
    }
    then {
        the IUT sends a valid CertificateResponse (AuthorisationResponse) set to MSG_AUTHRSP_IUT
            containing certificates[last].unsigned_certificate
                containing subject_type
                    set to 'sec_data_exch_anonymous'
                containing type_specific_data
                    containing anonymous_scope
                        containing additional_data
                            set to 0x00 (length 0)
    }
}



TPId


TP/SEC/AA/AUTH/NB-02 


Summary 


Check that an AA responds to an authorization request with a localized scope with a name
of different size with a valid authorization certificate.


Reference 


IEEE P1609.2/D12 [1], clauses 6.2.22, 6.3.6, 6.3.7 and 6.3.19 


Config Id 


CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest (AuthorisationRequest) set to MSG_AUTHREQ_TS
            containing unsigned_csr
                containing subject_type
                    set to 'sec_data_exch_identified_localized'
                containing type_specific_data.id_scope.name
                    set to SCOPE_NAME
    }
    then {
        the IUT sends a valid CertificateResponse (AuthorisationResponse) set to MSG_AUTHRSP_IUT
            containing certificates[last].unsigned_certificate
                containing subject_type
                    set to 'sec_data_exch_identified_localized'
                containing id_scope.name
                    set to ANY_VALUE_OR_NONE
    }
}


Variants

X | SCOPE_NAME
A | of length > and < 32
B | of length
C | of length 1
D | of length 32



6.2.4.1.2 Expiration



TPId 


TP/SEC/AA/AUTH/NB-03-X 


Summary 


Check that AA responds to an authorization request with a validity period conforming to the
request and to the enrolment certificate.


Reference 


IEEE P1609.2/D12 [1], clauses 6.3.2 and 6.3.34 


Config Id 


CF02 


PICS Selection 




Initial conditions 


with {
    the IUT in operational state
}


Expected behaviour


ensure that {
    when {
        the IUT receives a valid CertificateRequest (AuthorisationRequest) set to MSG_AUTHREQ_TS
            containing signer.certificate.unsigned_certificate
                containing expiration
                    set to EXP_ENR_Cert
                containing lifetime
                    set to LT_ENR_Cert
            containing unsigned_csr
                containing expiration
                    set to EXP_AR
                containing lifetime
                    set to LT_AR
    }
    then {
        the IUT sends a valid AuthorizationResponse
            containing certificates[last].unsigned_certificate
                containing expiration
                    set to EXP_AResp
                containing lifetime
                    set to LT_AResp
    }
}


Variants

X | EXP_ENR_Cert | LT_ENR_Cert | EXP_AR | LT_AR
A | CLT+2Y | 1M | CLT+2Y | 1M
B | CLT+2Y | 1Y | CLT+2Y | 1M
C | CLT+2Y | 1Y | CLT+1Y+1M | 1M
D | CLT+2Y | 2Y | CLT+2Y | 2Y
E | CLT+2Y | 2Y | CLT+1M | 1M
F | CLT+2Y | 4Y | CLT+2Y | 2Y
G | CLT+2Y | 4Y | CLT+1M | 1M

EXP_AResp | with EXP_AResp <= EXP_ENR_Cert AND
          | EXP_AResp <= EXP_AR
LT_AResp  | EXP_AResp - LT_AResp >= CLT AND
          | EXP_AResp - LT_AResp >= EXP_ENR_Cert - LT_ENR_Cert AND
          | EXP_AResp - LT_AResp >= EXP_AR - LT_AR
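The validity rules of TP/SEC/CA/EB-20-X, TP/SEC/CA/EB-21-X-Y and TP/SEC/AA/AUTH/NB-03-X evaluated over their variants tables, as an added sketch that is not part of the specification. Assumptions: times are whole months relative to CLT (so CLT is 0, 1Y is 12 and 1M is 1), the start of validity is expiration minus lifetime, and a request is denied when its validity period is not contained in that of the signer certificate, which is how the EB-21 variants are read here; all names are hypothetical.

```python
from typing import Dict, NamedTuple, Optional, Tuple

Y, M = 12, 1   # assumption: times are whole months relative to CLT, so CLT = 0


class Validity(NamedTuple):
    expiration: int   # end of validity, months after CLT
    lifetime: int     # duration, months

    @property
    def start(self) -> int:
        return self.expiration - self.lifetime


def check_request(signer: Validity, request: Validity, clt: int = 0) -> Optional[str]:
    """Return None to accept, else the CertificateRequestError reason."""
    if signer.expiration < clt:                        # EB-20: signer certificate expired
        return "csr_cert_expired"
    if request.expiration > signer.expiration or request.start < signer.start:
        return "request_denied"                        # EB-21: not inside the signer validity
    return None


def issue_validity(signer: Validity, request: Validity, clt: int = 0) -> Validity:
    """Widest validity an AA can issue without violating the NB-03 inequalities."""
    start = max(clt, signer.start, request.start)
    expiration = min(signer.expiration, request.expiration)
    return Validity(expiration, expiration - start)


def response_conforms(resp: Validity, signer: Validity, request: Validity, clt: int = 0) -> bool:
    """The five inequalities NB-03 places on EXP_AResp and LT_AResp."""
    return (resp.expiration <= signer.expiration
            and resp.expiration <= request.expiration
            and resp.start >= clt
            and resp.start >= signer.start
            and resp.start >= request.start)


# EB-21 variants: (signer validity, request validity), all expected 'request_denied'.
EB21: Dict[str, Tuple[Validity, Validity]] = {
    "A": (Validity(1 * Y, 1 * Y), Validity(2 * Y, 1 * M)),
    "B": (Validity(1 * Y, 1 * Y), Validity(2 * Y, 1 * Y)),
    "C": (Validity(1 * Y, 1 * Y), Validity(2 * Y, 2 * Y)),
    "D": (Validity(2 * Y, 1 * M), Validity(1 * Y, 1 * M)),
    "E": (Validity(2 * Y, 1 * Y), Validity(1 * Y, 1 * M)),
    "F": (Validity(3 * Y, 2 * Y), Validity(2 * Y, 2 * Y)),
}
# NB-03 variants: (enrolment certificate validity, authorization request validity).
NB03: Dict[str, Tuple[Validity, Validity]] = {
    "A": (Validity(2 * Y, 1 * M), Validity(2 * Y, 1 * M)),
    "B": (Validity(2 * Y, 1 * Y), Validity(2 * Y, 1 * M)),
    "C": (Validity(2 * Y, 1 * Y), Validity(1 * Y + 1 * M, 1 * M)),
    "D": (Validity(2 * Y, 2 * Y), Validity(2 * Y, 2 * Y)),
    "E": (Validity(2 * Y, 2 * Y), Validity(1 * M, 1 * M)),
    "F": (Validity(2 * Y, 4 * Y), Validity(2 * Y, 2 * Y)),
    "G": (Validity(2 * Y, 4 * Y), Validity(1 * M, 1 * M)),
}


def run_eb21() -> Dict[str, Optional[str]]:
    return {v: check_request(signer, req) for v, (signer, req) in EB21.items()}


def run_nb03() -> Dict[str, Optional[Validity]]:
    """Issued validity per variant, or None if the request itself were rejected."""
    return {
        v: issue_validity(enr, req) if check_request(enr, req) is None else None
        for v, (enr, req) in NB03.items()
    }


if __name__ == "__main__":
    print(run_eb21())
    print(run_nb03())
```

Variants D to F of EB-21 expire before the signer does and still fail, because their start of validity (expiration minus lifetime) precedes the signer's; a check on expiration alone would let them through.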

6.2.4.2 Exceptional Behavior

6.2.4.2.1 Invalid Certificates or Certificate Chain Fields



TPId 


TP/SEC/AA/AUTH/EB-01-X


Summary


Check that an AA discards an authorization request signed by a signer_id with type set to a
value other than 'certificate' or 'certificate_chain'.


Reference


ETSI TS 102 941 [2] (V1.1.1), clause 6.2.2.3


Config Id 


CF02 


PICS Selection 




Initial conditions 


with { 

the lUT in operational state 
1 


Expected behaviour 


ensure that { 
when { 

the lUT receives a CertificateRequest set to MSG_AUTHREQ_TS 
containing signer 
containing type 

set to X INVALID SIGNER TYPE 

} 
then{ 

the lUT sends a valid CertiflcateRequestError set to MSG_AUTHERRJUT 
containing reason 

set to 'request denied' 
} 
1 


Variants 


X 


X INVALID SIGNER TYPE 


A 


self(O) 


B 


certificate digest with ecdsap224(1) 


C 


certificate digest with ecdsap256(2) 


D 


certificate digest with other algorithm(5) 


E 


ANY OTHER (128) 

6.2.4.2.2 Invalid Scopes (Subject Type and Scope Name)



TP Id: TP/SEC/AA/AUTH/EB-02-X

Summary: Check that an AA discards an authorization request with a subject type other than 'sec_data_exch_anonymous' or 'sec_data_exch_identified_localized'.

Reference: IEEE P1609.2/D12 [1], clauses 5.5.3.3 and 6.3.7, ETSI TS 102 867 [3], clause 5.1.2.1

Config Id: CF02

PICS Selection:

Initial conditions

with {
    the IUT in operational state
}

Expected behaviour

ensure that {
    when {
        the IUT receives a CertificateRequest set to MSG_AUTHREQ_TS
            containing signer.certificate.unsigned_certificate.sec_data_exch_ca_scope.permitted_subject_types
                set to X_PERMITTED_SUBJECT_TYPES
            containing unsigned_csr
                containing subject_type
                    set to X_INVALID_SUBJECT_TYPE
                containing type_specific_data
                    containing X_INVALID_SCOPE
    }
    then {
        the IUT sends a valid CertificateRequestError set to MSG_AUTHERR_IUT
            containing reason
                set to 'request denied'
    }
}

Variants

X | X_PERMITTED_SUBJECT_TYPES                                      | X_INVALID_SUBJECT_TYPE                     | X_INVALID_SCOPE
A | sec_data_exch_identified_localized and sec_data_exch_anonymous | sec_data_exch_identified_not_localized (1) | IdentifiedNotLocalizedScope
B | sec_data_exch_identified_localized and sec_data_exch_anonymous | sec_data_exch_csr (3)                      | SecDataExchCaScope
C | sec_data_exch_identified_localized and sec_data_exch_anonymous | wsa (4)                                    | WsaCaScope
D | sec_data_exch_identified_localized and sec_data_exch_anonymous | wsa_csr (5)                                | WsaCaScope
E | sec_data_exch_identified_localized and sec_data_exch_anonymous | sec_data_exch_ca (6)                       | SecDataExchCaScope
F | sec_data_exch_identified_localized and sec_data_exch_anonymous | wsa_ca (7)                                 | WsaCaScope
G | sec_data_exch_identified_localized and sec_data_exch_anonymous | crl_signer (8)                             | CRLSeries
H | sec_data_exch_identified_localized and sec_data_exch_anonymous | root_ca (255)                              | RootCaScope
I | sec_data_exch_identified_localized and sec_data_exch_anonymous | ANY OTHER (128)                            | omit
J | sec_data_exch_identified_localized                             | sec_data_exch_anonymous (0)                | AnonymousScope
K | sec_data_exch_anonymous                                        | sec_data_exch_identified_localized (2)     | IdentifiedLocalizedScope